2418 matches found
Symfony Profiler - Remote Access via Injected Arguments
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...
net-imap: rubygem-net-imap: Net::IMAP: Denial of Service via malformed command input
A flaw was found in Net::IMAP, a Ruby client library for the Internet Message Access Protocol IMAP. This vulnerability allows a remote attacker to cause a denial of service by sending specially crafted input to certain Net::IMAP commands. When a raw string argument, derived from user-controlled...
CVE-2026-62312
9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to childprocess.spawn, allowing...
CVE-2026-62312 9Router: Authenticated RCE via Unvalidated MCP Plugin Arguments
9Router is an AI router & token saver. Prior to 0.5.2, 9Router allows a remote authenticated attacker to achieve arbitrary code execution on the host operating system by combining a Host header bypass of localhost-only routes with unvalidated MCP plugin args passed to childprocess.spawn, allowing...
CVE-2026-62312
CVE-2026-62312 affects 9Router, an AI router & token saver. Before v0.5.2, an authenticated remote attacker can achieve arbitrary code execution on the host by abusing a Host header bypass of localhost-only routes in combination with unvalidated MCP plugin arguments passed to child_process.spawn(...
CVE-2026-46629
Twig: twig/intl-extra memoises IntlDateFormatter and NumberFormatter in unbounded per-template arguments, causing potential unbounded memory growth in long-running environments. Affected prior to 3.26.0; fix is to upgrade to Twig 3.26.0 or later (formatter caches bounded with FIFO). Debian adviso...
CVE-2026-47732
Twig Sandbox: multiple __toString() policy bypasses via unguarded string coercion points existed prior to 3.26.0, enabling string coercion of Stringable operands through various constructs (conditional expressions, matches operator, loose comparisons, tests, template-loading tags, dynamic attribu...
CVE-2026-53365
A flaw was found in the Linux kernel's vsock/virtio component. This vulnerability occurs during zerocopy completion for large messages fragmented into multiple socket kernel buffers skbs. An issue in how user arguments uargs are handled for these buffers can lead to pinned user pages not being...
openSUSE 16: ImageMagick / ImageMagick-config-7-SUSE / etc (openSUSE-SU-2026:21291-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21291-1 advisory. This update for ImageMagick fixes the following issues - CVE-2026-53466: integer overflow in the XCF decoder can result in an out-of-bounds read...
CVE-2026-15547
Shibby Tomato (up to 1.28.0000) contains a vulnerability in the CIFS Mount Handler sub_2D048 that allows remote OS command injection by manipulating the cifs1/cifs2 arguments. A public exploit exists; impact is described with network access and low privileges. The project is superseded by FreshTo...
CVE-2026-15514
A weakness has been identified in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This vulnerability affects the function RPCService.query of the file /customizemt/xkq/rpc.jsp of the component PHPRPC Remote Call Interface. Executing a manipulation of the argument phprpcargs can lead to sql injection. T...
CVE-2026-59260
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...
CVE-2026-59260 OpenWrt luci-app-samba4 read ACL remote code execution via smbd
OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...
DEBIAN-CVE-2026-52747
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...
UBUNTU-CVE-2026-52747
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...
CVE-2026-52747 ModSecurity: Multipart form-data parser silently strips embedded line breaks from form-field values, enabling request-body inspection bypass
ModSecurity is an open source, cross platform web application firewall WAF engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and...
CVE-2026-55884 Tilt: Missing authentication on the network-exposed Tilt HUD server
Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0.37.3, the Tilt HUD HTTP server registers handlers on a gorilla/mux router with no authenticating middleware. When the HUD is bound to a non-loopback address, an unauthenticated network caller can...
UBUNTU-CVE-2026-57214
RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange...
CVE-2026-57214 RabbitMQ: Stored XSS in RabbitMQ management UI
RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders the x-internal-purpose queue or exchange argument into an HTML title attribute without proper escaping on the Queues and Exchanges pages, allowing a user with permission to declare a queue or exchange...
ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...