CWE-117 · Improper Output Neutralization for Logs
101 CVEs classified under CWE-117 (Improper Output Neutralization for Logs). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-46322 | Critical | 9.8 | 2023-10-23 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The host… |
| CVE-2023-46321 | Critical | 9.8 | 2023-10-23 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command l… |
| CVE-2026-25548 | Critical | 9.1 | 2026-02-18 | InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A critical Remote Code Execution (RCE) vulnerability exists… |
| CVE-2024-0095 | Critical | 9.0 | 2024-06-13 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrar… |
| CVE-2024-29022 | High | 8.8 | 2024-04-12 | Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request hea… |
| CVE-2024-25047 | High | 8.6 | 2024-05-02 | IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided… |
| CVE-2023-4571 | High | 8.6 | 2023-08-30 | In Splunk IT Service Intelligence (ITSI) versions below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (AN… |
| CVE-2023-3997 | High | 8.6 | 2023-07-31 | Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk… |
| CVE-2023-32712 | High | 8.6 | 2023-06-01 | In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splun… |
| CVE-2025-57564 | High | 8.2 | 2025-10-07 | CubeAPM nightly-2025-08-01-1 allow unauthenticated attackers to inject arbitrary log entries into production systems via the /api/logs/insert/elasticsearch/_bu… |
| CVE-2026-45565 | High | 8.1 | 2026-06-10 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_m… |
| CVE-2022-22151 | High | 8.1 | 2022-03-11 | CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 t… |
| CVE-2019-14846 | High | 7.8 | 2019-10-08 | In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to… |
| CVE-2026-34478 | High | 7.5 | 2026-04-10 | Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to… |
| CVE-2026-24308 | High | 7.5 | 2026-03-07 | Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms allows an attacker to expose sensitive information s… |
| CVE-2025-54813 | High | 7.5 | 2025-08-22 | Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-sup… |
| CVE-2024-9606 | High | 7.5 | 2025-03-20 | In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerability where the API key masking code onl… |
| CVE-2025-27111 | High | 7.5 | 2025-03-04 | Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can expl… |
| CVE-2024-47083 | High | 7.5 | 2024-09-25 | Power Platform Terraform Provider allows managing environments and other resources within Power Platform. Versions prior to 3.0.0 have an issue in the Power Pl… |
| CVE-2020-25646 | High | 7.5 | 2020-10-29 | A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality. |