Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-117

CWE-117

Medium likelihood

Improper Output Neutralization for Logs

Parent: CWE-116 - Improper Encoding or Escaping of Output

The product constructs a log message from external input, but it does not neutralize or incorrectly neutralizes special elements when the message is written to a log file.

98 vulnerabilities with CWE-117

CVE-2026-20260 MEDIUM

Log Injection through HTTP Request Paths in Splunk SOAR

CVE-2026-45565 HIGH

Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)

CVE-2026-9016 MEDIUM

Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action

CVE-2026-5078 MEDIUM

morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

CVE-2026-45679 MEDIUM

OpenTelemetry eBPF Instrumentation: Redis error text is exported in span status messages

CVE-2026-6494 MEDIUM

Aap-mcp-server: aap mcp server: log injection allows social engineering attacks via unsanitized input

CVE-2026-34478 HIGH

Apache Log4j Core: Log injection in Rfc5424Layout due to silent configuration incompatibility

CVE-2026-25548 CRITICAL

InvoicePlane 1.7.0 - RCE via LFI & Log Poisoning

CVE-2026-1337 MEDIUM

Neo4j < 2026.01 - Cross-Site Scripting via Query Log Unicode Character Escaping

CVE-2025-14684 MEDIUM

IBM Maximo Application Suite - Monitor Component uses Log Forging which is vulnerable to .

CVE-2025-59784 HIGH

2N Access Commander <3.4.1 - Log Pollution

CVE-2025-12755 MEDIUM

IBM MQ Operator 3.2.0-3.8.1 - Log Injection

CVE-2025-11537 MEDIUM

Keycloak Quarkus Server < 26.6.0 - Sensitive Header Exposure in Verbose Log Format

CVE-2025-66577 MEDIUM

cpp-httplib <0.27.0 - Log Poisoning

CVE-2025-20384 MEDIUM

Splunk <10.0.1-9.2.10 - Info Disclosure

CVE-2025-36159 MEDIUM

IBM Concert <2.0.0 - Info Disclosure

CVE-2025-11627 MEDIUM

Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each...

CVE-2025-36081 MEDIUM

IBM Concert Software <2.0.0 - Info Disclosure

CVE-2025-57564 HIGH

CubeAPM nightly-2025-08-01-1 - Code Injection

CVE-2025-58580 MEDIUM

SICK Enterprise Analytics - Log Injection via API Endpoint

CVE-2025-10217 MEDIUM

Asset Suite - Info Disclosure

CVE-2025-59476 MEDIUM

Jenkins < 2.516.3 and < 2.528 - Log Forgery via Line Break Injection

CVE-2025-54813 HIGH

Apache Log4cxx <1.5.0 - Info Disclosure

CVE-2025-54812 MEDIUM

Apache Log4cxx < 1.5.0 - Cross-Site Scripting in HTMLLayout Logger Name

CVE-2025-54389 MEDIUM

Advanced Intrusion Detection Environment < 0.19.2 - Log Tampering via Terminal Escape Sequences

Page 1 of 4 Next

Details

Vulnerabilities 98

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy