ALPINE-CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

CVE-2026-11527 Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

CVE-2026-11527

CVE-2026-11527 affects Perl Config::IniFiles prior to 3.001000. The vulnerability arises when _make_filehandle opens the -file argument with Perl’s 2-arg open(); untrusted input passed to -file can be treated as a command or redirect (e.g., starting/ending with |, or >/>>), enabling OS c...

CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

EUVD-2026-1864

ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler...

CVE-2026-22777 ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or...

CVE-2026-22777

CVE-2026-22777 concerns ComfyUI-Manager, an extension for ComfyUI. A CRLF injection vulnerability exists in the configuration handling where an attacker can inject special characters into HTTP query parameters to add arbitrary values to the config.ini, potentially tampering with security settings...

PT-2018-5636 · Moxa · Moxa Edr-810

Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 version 4.1 build 17030317 Description: A denial of service issue exists in the web server functionality. It can be triggered by a specially crafted HTTP URI, specifically a GET request to "/MOXA CFG.ini" without a cookie header,...