A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that…

A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASN…

The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and …

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains…

RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications tha…

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. T…

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonk…

Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regar…

In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 1…

An information disclosure and remote code execution vulnerability in the slinger web server of …

Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log stateme…

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1…

A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 th…

wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape seq…

Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injectio…

A remote code execution vulnerability has been identified in the User Defined Tags module of CM…

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET p…

Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.…

A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could a…

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo…

Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for a…

The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Eng…

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta…

Power Platform Terraform Provider allows managing environments and other resources within Power…

Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote…

A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes privat…

Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren'…

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition …

Sending specially crafted commands to a MongoDB Server may result in artificial log entries bei…

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it…

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset a…

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout,…

The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0…

Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.ph…

XWiki Commons are technical libraries common to several other top level XWiki projects. Startin…

Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is b…

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout,…

WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution …

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when m…

Triangle MicroWorks SCADA Data Gateway Event Log Improper Output Neutralization For Logs Arbitr…