CWE-117 · Improper Output Neutralization for Logs

101 CVEs classified under CWE-117 (Improper Output Neutralization for Logs). Browse by severity and year.

Top CVEs for CWE-117
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-46322 | Critical | 9.8 | 2023-10-23 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The host… |
| CVE-2023-46321 | Critical | 9.8 | 2023-10-23 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command l… |
| CVE-2026-25548 | Critical | 9.1 | 2026-02-18 | InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists… |
| CVE-2024-0095 | Critical | 9.0 | 2024-06-13 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrar… |
| CVE-2024-29022 | High | 8.8 | 2024-04-12 | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request hea… |
| CVE-2024-25047 | High | 8.6 | 2024-05-02 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided… |
| CVE-2023-4571 | High | 8.6 | 2023-08-30 | In Splunk IT Service Intelligence (ITSI) versions below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (AN… |
| CVE-2023-3997 | High | 8.6 | 2023-07-31 | Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk… |
| CVE-2023-32712 | High | 8.6 | 2023-06-01 | In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splun… |
| CVE-2025-57564 | High | 8.2 | 2025-10-07 | CubeAPM nightly-2025-08-01-1 allows unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/_bu… |
| CVE-2026-45565 | High | 8.1 | 2026-06-10 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_m… |
| CVE-2022-22151 | High | 8.1 | 2022-03-11 | CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 t… |
| CVE-2019-14846 | High | 7.8 | 2019-10-08 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to… |
| CVE-2026-34478 | High | 7.5 | 2026-04-10 | Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to… |
| CVE-2026-24308 | High | 7.5 | 2026-03-07 | Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information s… |
| CVE-2025-54813 | High | 7.5 | 2025-08-22 | Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-sup… |
| CVE-2024-9606 | High | 7.5 | 2025-03-20 | In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code onl… |
| CVE-2025-27111 | High | 7.5 | 2025-03-04 | Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can expl… |
| CVE-2024-47083 | High | 7.5 | 2024-09-25 | Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Pl… |
| CVE-2020-25646 | High | 7.5 | 2020-10-29 | A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality |