CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ROS-20260505-73-0046

A vulnerability in the urllib.request.DataHandler component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote attacker to affect the integrity of protected information...

ROS-20260505-73-0045

Redos•added 2026/05/05 12:0 a.m.•2 views

ROS-20260505-73-0047

Redos•added 2026/05/05 12:0 a.m.•4 views

ROS-20260505-73-0048

ROS-20260505-73-0049

6CVSS7.2AI score0.0056EPSS

ROS-20260505-73-0060

A vulnerability in the email module of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow a remote attacker to compromise the integrity of protected information...

Positive Technologies•added 2026/05/05 12:0 a.m.•7 views

PT-2026-38895

Summary Submodule name validation bypass plus missing validation in production code paths allows path traversal via crafted .gitmodules. Combined with a trust inheritance flaw in Submodule::open, this enables reading arbitrary git repository configs including credentials from traversed paths with...

7.5CVSS6AI score

Exploits0References3

OSV•added 2026/05/04 10:4 p.m.•2 views

GHSA-HM49-WCQC-G2XG net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details Net::IMAP's...

5.8CVSS5.6AI score0.00412EPSS

Exploits0References12

Github Security Blog•added 2026/05/04 10:4 p.m.•4 views

net-imap vulnerable to command Injection via "raw" arguments to multiple commands

9.8CVSS5.6AI score0.00412EPSS

Exploits0References12Affected Software1

Snyk•added 2026/05/04 10:4 p.m.•7 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the handling of raw string arguments in commands such as uidsearch, search, uidfetch, fetch, uidstore, store, and setquota. A user can execute arbitrary IMAP commands by injecting specially crafted input containing CR...

9.8CVSS6AI score0.00412EPSS

Exploits0References3

Snyk•added 2026/05/04 10:4 p.m.•10 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via unvalidated flag arguments in IMAP commands. A user can execute arbitrary IMAP commands by injecting CRLF sequences through crafted Symbol inputs. Remediation Upgrade net-imap to version 0.4.24, 0.5.14, 0.6.4 or highe...

9.8CVSS6AI score0.00937EPSS

Exploits0References3

Snyk•added 2026/05/04 9:28 p.m.•8 views

Directory Traversal

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Directory Traversal via the normalize or equal functions. An attacker can bypass path-based access controls by submitting specially crafted percent-encoded or dot segments in URLs,...

8.7CVSS6.3AI score0.00397EPSS

Snyk•added 2026/05/04 9:28 p.m.•7 views

Directory Traversal

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Directory Traversal via the normalize or equal functions. An attacker can bypass path-based access controls by submitting specially crafted percent-encoded or dot segmen...

8.7CVSS6.3AI score0.00397EPSS

Snyk•added 2026/05/04 9:16 p.m.•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the currentDirectory parameter in the media upload process. An attacker can achieve arbitrary code execution and full server compromise by uploading a crafted file containing executable code to a location outside...

8.8CVSS6.3AI score0.00832EPSS

Exploits1References2

OSV•added 2026/05/04 9:16 p.m.•2 views

GHSA-VP2F-CQQP-478J AzuraCast has Path Traversal in `currentDirectory` Parameter that Enables Remote Code Execution via Media Upload

Summary The currentDirectory request parameter in the Flow.js media upload endpoint POST /api/station/stationid/files/upload is not sanitized for path traversal sequences. When combined with a local filesystem storage backend the default, an authenticated user with media management permissions ca...

8.8CVSS6.7AI score0.00832EPSS

Exploits1References5

Github Security Blog•added 2026/05/04 9:16 p.m.•9 views

AzuraCast has Path Traversal in `currentDirectory` Parameter that Enables Remote Code Execution via Media Upload

8.8CVSS6.7AI score0.00832EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/05/04 8:21 p.m.•4 views

CVE-2026-5140

Improper neutralization of CRLF sequences 'CRLF injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4...

8.8CVSS5.8AI score0.00481EPSS

Exploits0References1

Snyk•added 2026/05/04 6:26 p.m.•5 views

Directory Traversal

Overview pptagent is an An Agentic Framework for Reflective PowerPoint Generation Affected versions of this package are vulnerable to Directory Traversal via the markdowntabletoimage function. An attacker can create or overwrite arbitrary files and directories by supplying crafted input that...

5.1CVSS6.3AI score0.00198EPSS

Snyk•added 2026/05/04 6:26 p.m.•7 views

Directory Traversal

Overview pptagent is an An Agentic Framework for Reflective PowerPoint Generation Affected versions of this package are vulnerable to Directory Traversal via the savegeneratedslides function. An attacker can overwrite or create arbitrary files on the system by supplying crafted input when invokin...

5.1CVSS6.3AI score0.00198EPSS