18 matches found
PT-2026-44137
Description: Symfony Mailer selects a transport via the MAILER_DSN environment variable / configuration (e.g. smtp://..., sendmail://..., native://default). SendmailTransport invokes the local sendmail binary and supports two modes: -bs (speak SMTP over stdin: the default) and -t (read the message on...
CVE-2026-42526
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a conn_id containing a / (e.g. "myteam/conn") to the same path as another team's team-scoped secret when the caller had no team context. A...
PT-2026-24612
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the stateme...
CVE-2026-3494
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...
EUVD-2026-9311
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash style comments, the statement is...
CVE-2026-3494
Disclaimer: This data contains information about vulnerable...
CVE-2024-21533
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line...
PT-2023-33027 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma (affected versions not specified). Description: The issue concerns a command injection vulnerability in Uptime Kuma. Specifically, the runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell...
SUSE CVE-2015-6784
The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring...
CLSA-2023-1675984682 sudo: Fix of CVE-2023-22809
CVE-2023-22809: do not permit editor arguments to include "--"...
CLSA-2023-1675984342 sudo: Fix of CVE-2023-22809
CVE-2023-22809: do not permit editor arguments to include "--"...
GHSA-W222-53C6-C86P Remote Code Execution in electron
Affected versions of electron may be susceptible to a remote code execution flaw when certain conditions are met: 1. The electron application is running on Windows. 2. The electron application registers as the default handler for a protocol, such as nodeapp://. This vulnerability is caused by a...
UBUNTU-CVE-2017-1000083
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a...
Google Chrome HTML Injection Vulnerability
Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in the page serializer of Google Chrome versions prior to 47.0.2526.73, which stems from the program's failure to properly handle Mark of the Web (MOTW) annotations for URLs containing th...
UBUNTU-CVE-2015-6784
The page serializer in Google Chrome before 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial http://example.com?-- substring...
DEBIAN-CVE-2015-0885
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username...
UBUNTU-CVE-2015-0885
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username...
USN-2455-1 bsd-mailx vulnerability
It was discovered that bsd-mailx contained a feature that allowed syntactically valid email addresses to be treated as shell commands. A remote attacker could possibly use this issue with a valid email address to execute arbitrary commands. This functionality has now been disabled by default, and...