Lucene search
K

90 matches found

CVE
CVE
added 3 days ago18 views

CVE-2026-46672

The CVE-2026-46672 entry describes a local CSV formula-injection flaw in the @actual-app/cli before version 26.6.0. The CLI uses a hand-rolled CSV serializer in packages/cli/src/output.ts with an escapeCsv that only neutralizes RFC 4180 delimiters (comma, quote, newline) and does not neutralize c...

4.6CVSS6.1AI score0.00188EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5182 OpenBao: LDAPi ldaputil (wrong escape func) in github.com/openbao/openbao

OpenBao: LDAPi ldaputil wrong escape func in github.com/openbao/openbao...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/06/25 12:17 a.m.4 views

DEBIAN-CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 12:17 a.m.4 views

UBUNTU-CVE-2026-40079

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escapecommand function. The escapecommand function at lib/rrd.php is a no-op: it returns $command unchanged. The command line built ...

9.8CVSS5.7AI score0.01113EPSS
Exploits0References4
OSV
OSV
added 2026/06/19 9:42 p.m.8 views

GHSA-6MWX-4547-5VC9 OpenBao: LDAPi ldaputil (wrong escape func)

Description Component sdk/helper/ldaputil/client.go — the shared LDAP utility library used by both the LDAP authentication backend and OpenLDAP secrets engine to construct LDAP search filters and bind DNs. Root Cause The LDAP utility contains a function selection error that causes incorrect...

6.8CVSS6.1AI score
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in glib2.0

A heap-based buffer overflow issue was discovered in glib due to an incorrect calculation of the buffer size in the gescapeuristring function. If the string to be escaped contains a very large number of unacceptable characters which would require escaping, the calculation of the length of the...

7.7CVSS6.9AI score0.00306EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51108

Name of the Vulnerable Software and Affected Versions OpenBao affected versions not specified Description An issue exists in the shared LDAP utility library sdk/helper/ldaputil/client.go used by the LDAP authentication backend and OpenLDAP secrets engine. The GetUserDN function incorrectly uses...

6.8CVSS6AI score
Exploits0References7
CVE
CVE
added 2026/06/12 5:34 p.m.47 views

CVE-2026-44172

CVE-2026-44172 affects MariaDB (community fork of MySQL). In versions 3.3.18 and 3.4.8, non-validated user input escaped with mysql_real_escape_string() and sent via text protocol using the big5 character set could be exploited for SQL injection, despite the escaping attempt. The issue has been p...

9.8CVSS5.5AI score0.00419EPSS
Exploits0References11Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 10:27 a.m.15 views

CVE-2026-8295

An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "stringbuilder::escapeandappend" when processing very large input strings on platforms with limited "sizet" width e.g., 32-bit builds. The overflow can cause insufficient buffer...

6.9CVSS5.9AI score0.00279EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 3:42 p.m.71 views

CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...

2.3CVSS0.00282EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/22 8:25 p.m.15 views

i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header

Summary Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...

8.6CVSS5.9AI score0.00327EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/15 7:46 p.m.3 views

GHSA-G82G-M9VX-VHJG Kimai has Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget

Summary The client-side escapeForHtml function in KimaiEscape.js, introduced in commit 89bfa82c 2959 to fix a JavaScript XSS vulnerability, only escapes , and & but does not escape " double quote or ' single quote. When user-controlled data profile alias is placed in an HTML attribute context...

5.4CVSS5.9AI score0.00207EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/11 7:53 p.m.6 views

EUVD-2026-11333

Shescape escape leaves bracket glob expansion active on Bash, BusyBox, and Dash...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/11 7:50 p.m.32 views

CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9CVSS0.00214EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/11 7:50 p.m.3 views

CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/02/02 1:53 a.m.9 views

glib: Integer overflow in in g_escape_uri_string()

A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the gescapeuristring function. If the string to escape contains a very large number of unacceptable characters which would need escaping, the calculation of the length of the escaped string...

7.7CVSS6AI score0.00306EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/01/27 7:32 a.m.12 views

Moderate: Red Hat Security Advisory: glib2 security update

An update for glib2 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.7CVSS6.8AI score0.00306EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.19 views

CVE-2022-31180

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

9.8CVSS7.1AI score0.01541EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2015-7774

Malware in sbrugna...

7.5CVSS6.4AI score0.02482EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.24 views

EUVD-2017-0075

Malware in sbrugna...

6.1CVSS6AI score0.00923EPSS
Exploits1References8
Rows per page
Query Builder