26 matches found

RedHat Linux
added 4 days ago · 5 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5 CVSS · 5.8 AI score · 0.00475 EPSS
Exploits 0 · References 6
NVD
added 2026/06/10 4:17 p.m. · 10 views

CVE-2026-53694

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection. This issue affects Nomachine: before 9.5.7, before 8.23.2...

7.3 CVSS · 0.00131 EPSS
Exploits 1 · References 2
RedhatCVE
added 2026/03/26 3:16 p.m. · 2 views

CVE-2026-2298

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026...

9.4 CVSS · 5.8 AI score · 0.00413 EPSS
Exploits 0 · References 1
UbuntuCve
added 2026/03/20 9:16 a.m. · 3 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5 CVSS · 6 AI score · 0.0026 EPSS
Exploits 0 · References 3
RedhatCVE
added 2026/01/26 3:10 p.m. · 4 views

CVE-2026-22582

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...

9.8 CVSS · 5.9 AI score · 0.00659 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/01/24 12:0 a.m. · 11 views

PT-2026-4540

Name of the Vulnerable Software and Affected Versions: Salesforce Marketing Cloud Engagement versions prior to January 21st, 2026 Description: Improper Neutralization of Argument Delimiters in a Command, also known as Argument Injection, in the MicrositeUrl module allows Web Services Protocol...

9.8 CVSS · 5.8 AI score · 0.00659 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-31208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command...

8.8 CVSS · 8.2 AI score · 0.00974 EPSS
Exploits 0 · References 2
CNVD
added 2025/08/29 12:0 a.m. · 3 views

DELL ThinOS 10 Parameter Injection Vulnerability

DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure (VDI) to improve security, efficiency and user experience. DELL ThinOS 10 suffers from a parameter injection vulnerability that stems from improper parameter delimiter...

8.4 CVSS · 7.3 AI score · 0.00196 EPSS
Exploits 0 · References 1
CNNVD
added 2025/08/27 12:0 a.m. · 4 views

Dell ThinOS 10 Parameter Injection Vulnerability

DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure (VDI) to improve security, efficiency and user experience. DELL ThinOS 10 suffers from a parameter injection vulnerability that stems from improper parameter delimiter...

8.4 CVSS · 7.2 AI score · 0.00196 EPSS
Exploits 0 · References 2
OSV
added 2025/05/22 1:15 p.m. · 3 views

CVE-2025-3945

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

9.8 CVSS · 5.8 AI score · 0.00593 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/04/10 12:0 a.m. · 6 views

PT-2025-15924 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.2.0p39 Checkmk versions prior to 2.3.0p25 Checkmk versions prior to 2.1.0p51 Description: The issue is related to improper neutralization of livestatus command delimiters in a specific endpoint within the RestAPI o...

8.8 CVSS · 6.6 AI score · 0.00714 EPSS
Exploits 0 · References 8
Positive Technologies
added 2024/11/18 12:0 a.m. · 3 views

PT-2024-29912 · Cesanta · Cesanta Mongoose Web Server

Name of the Vulnerable Software and Affected Versions: Cesanta Mongoose Web Server version 7.14 Description: The issue is related to improper neutralization of delimiters in the Cesanta Mongoose Web Server. This can cause an out-of-bound memory write if the PEM certificate contains unexpected...

7 CVSS · 6.8 AI score · 0.0009 EPSS
Exploits 0 · References 6
OSV
added 2024/03/06 10:55 a.m. · 27 views

BIT-DJANGO-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a suitably crafted delimiter...

9.8 CVSS · 8.7 AI score · 0.65336 EPSS
Exploits 9 · References 13
OSV
added 2024/02/27 2:15 p.m. · 5 views

CVE-2023-51747

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to...

7.1 CVSS · 6.6 AI score
Exploits 0 · References 4
Prion
added 2024/02/27 2:15 p.m. · 31 views

Design/Logic Flaw

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to...

7 AI score · 0.01045 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/02/27 12:0 a.m. · 3 views

PT-2024-14283 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.8.1 and 3.7.5 Description: A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP...

7.1 CVSS · 6.8 AI score · 0.01045 EPSS
Exploits 0 · References 14
Positive Technologies
added 2023/11/22 12:0 a.m. · 6 views

PT-2023-32549 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.0.0p39 Checkmk versions prior to 2.1.0p37 Checkmk versions prior to 2.2.0p15 Description: The issue is related to the improper neutralization of livestatus command delimiters in the ajax search function, allowing...

8.8 CVSS · 7.6 AI score · 0.00857 EPSS
Exploits 0 · References 6
RedHat Linux
added 2020/04/28 3:35 p.m. · 2 views

rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c

An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this...

9.8 CVSS · 7.5 AI score · 0.04568 EPSS
Exploits 0 · References 4
RedHat Linux
added 2020/03/31 7:34 p.m. · 3 views

rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If...

9.8 CVSS · 7.5 AI score · 0.03066 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2020/03/31 12:0 a.m. · 37 views

SUSE SLES15 Security Update : spamassassin (SUSE-SU-2020:0813-1)

This update for spamassassin fixes the following issues : Security issues fixed : CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to isregexpvalid bsc1118987. CVE-2020-1930: Fixed an issue with rule configuration .cf files which can be configured to run system command...

9.3 CVSS · 6.7 AI score · 0.07053 EPSS
Exploits 0 · References 11