Lucene search
+L

83 matches found

nvd
nvd
added 2026/07/08 12:16 a.m.9 views

CVE-2026-55427

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or...

8.3CVSS0.00466EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/07 11:55 p.m.36 views

CVE-2026-55427 Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or...

8.3CVSS0.00466EPSS
Exploits0References6
osv
osv
added 2026/07/07 11:55 p.m.10 views

CVE-2026-55427 Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or...

8.3CVSS6.1AI score0.00466EPSS
Exploits0References8
osv
osv
added 2026/07/07 3:26 p.m.5 views

GO-2026-5913 Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh` in github.com/coder/coder

Coder vulnerable to SSH config injection via unsanitized server-supplied values in coder config-ssh in github.com/coder/coder...

8.3CVSS6AI score0.00466EPSS
Exploits0References2
github
github
added 2026/07/06 8:53 p.m.7 views

Coder vulnerable to SSH config injection via unsanitized server-supplied values in `coder config-ssh`

Summary coder config-ssh wrote server-supplied SSH settings HostnameSuffix, SSHConfigOptions into the user's /.ssh/config without sanitizing embedded newlines or restricting directives so a malicious or compromised Coder server could inject arbitrary SSH configuration. Note: Practical exploitatio...

8.3CVSS6.6AI score0.00466EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/24 11:7 a.m.5 views

BIT-NGINX-GATEWAY-FABRIC-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

8.6CVSS6AI score0.00567EPSS
Exploits0References2
osv
osv
added 2026/06/23 5:42 p.m.3 views

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

4.1CVSS5.9AI score0.00128EPSS
Exploits0References10
f5
f5
added 2026/06/17 7:46 p.m.18 views

K000161785: NGINX Gateway Fabric vulnerability CVE-2026-50107

Security Advisory Description When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource...

8.6CVSS5.5AI score0.00492EPSS
Exploits0Affected Software1
vulnrichment
vulnrichment
added 2026/06/10 2:1 p.m.13 views

CVE-2026-45558 Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...

9.9CVSS6.5AI score0.00439EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.12 views

PT-2026-47557

internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...

8.7CVSS5.5AI score
Exploits0References5
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.9 views

CVE-2026-44011

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

8.6CVSS5.9AI score0.00346EPSS
Exploits0References1
cve
cve
added 2026/05/27 7:15 p.m.26 views

CVE-2026-44887

CVE-2026-44887 affects Pi.Alert, a WIFI/LAN intruder detector with a web service. The vulnerability arises from the web-based configuration editor allowing arbitrary Python code to be injected into pialert.conf; the background scan daemon loads this file with Python’s exec(), causing the injected...

9.8CVSS6AI score0.00545EPSS
Exploits0References1
osv
osv
added 2026/05/27 7:15 p.m.3 views

CVE-2026-44887 Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Path)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec, injected code executes as the...

9.8CVSS6.2AI score0.00545EPSS
Exploits0References3
cve
cve
added 2026/05/27 7:14 p.m.36 views

CVE-2026-44888

Pi.Alert vulnerability CVE-2026-44888: unauthenticated RCE via SaveConfigFile() config injection. Prior to 2026-05-07, numeric config values (e.g., SMTP_PORT) were written into pialert.conf without validation; pialert.conf is loaded with Python exec() every 3–5 minutes by a background cron, allow...

9.8CVSS6AI score0.00314EPSS
Exploits0References1
osv
osv
added 2026/05/27 7:14 p.m.3 views

CVE-2026-44888 Unauthenticated RCE via Python Config File Injection in SaveConfigFile() (Interger)

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile endpoint writes user-supplied numeric config values e.g., SMTPPORT directly into pialert.conf without validation. Since pialert.conf is loaded via Python's exec every 3–5 minutes...

9.8CVSS6.1AI score0.00314EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/24 1:40 p.m.12 views

CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS7.8AI score0.00479EPSS
Exploits1References2
ossf
ossf
added 2026/05/22 1:55 a.m.13 views

Malicious code in mev-shield (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9783d5e48d62da6de516b1cf5d36474143528a9c6f33a86892ee558266a4e5ec The package advertises itself as an 'MEV protection layer for Ethereum trading bots' but does the opposite. On npm install, a postinstall script...

5.8AI score
Exploits0References1
cvelist
cvelist
added 2026/05/12 8:25 p.m.65 views

CVE-2026-44011 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

8.6CVSS0.00346EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/12 8:25 p.m.10 views

CVE-2026-44011

Craft CMS is a content management system CMS. From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path that let any authenticated user inject malicious configuration and execute arbitrary commands on the server. The request-controlled...

8.6CVSS6.1AI score0.00346EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/05/06 9:58 p.m.6 views

GHSA-V87R-6Q3F-2J67 GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, but Git still accepts an indented core stanza as a section header — so the injected core.hooksPa...

7.8CVSS6AI score0.00237EPSS
Exploits1References4
Rows per page
Query Builder