Lucene search
+L

389 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/10 6:2 p.m.3 views

CVE-2026-31794

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d causing a denial of service. This vulnerability is fixed in 2.3.1.5...

5.5CVSS5.8AI score0.00152EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/10 6:2 p.m.11 views

CVE-2026-31794 iccDEV has a SEGV in CIccCLUT::Interp3d()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d causing a denial of service. This vulnerability is fixed in 2.3.1.5...

5.5CVSS5.8AI score0.00152EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24752

Shell Command Injection in User Git Config Endpoint | Field | Value | |-------|-------| | Severity | High | | CVSS 3.1 | 8.8 High — when chained with VULN-01 | | CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' | | Attack Vector | Network | |...

8.8CVSS6.3AI score0.06034EPSS
Exploits1References10
OSV
OSV
added 2026/03/09 7:55 p.m.9 views

GHSA-93FX-5QGC-WR38 AzuraCast: RCE via Liquidsoap string interpolation injection in station metadata and playlist URLs

Summary AzuraCast's ConfigWriter::cleanUpString method fails to sanitize Liquidsoap string interpolation sequences ..., allowing authenticated users with StationPermissions::Media or StationPermissions::Profile permissions to inject arbitrary Liquidsoap code into the generated configuration file...

8.7CVSS6AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/09 7:55 p.m.10 views

AzuraCast: RCE via Liquidsoap string interpolation injection in station metadata and playlist URLs

Summary AzuraCast's ConfigWriter::cleanUpString method fails to sanitize Liquidsoap string interpolation sequences ..., allowing authenticated users with StationPermissions::Media or StationPermissions::Profile permissions to inject arbitrary Liquidsoap code into the generated configuration file...

6AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.7 views

PT-2026-24106

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other...

8.6CVSS5.8AI score0.0048EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/07 5:49 a.m.29 views

CVE-2026-30830 Defuddle: XSS via unescaped string interpolation in _findContentBySchemaText image tag

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

5.3CVSS0.00252EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/07 5:49 a.m.2 views

CVE-2026-30830 Defuddle: XSS via unescaped string interpolation in _findContentBySchemaText image tag

Defuddle cleans up HTML pages. Prior to version 0.9.0, the findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping. An attacker can use a " in the alt attribute to break out of the attribute context and inject event...

5.3CVSS5.7AI score0.00252EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 6:39 p.m.6 views

GHSA-5MQ8-78GM-PJMQ defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag

Summary The findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping: typescript html += ; An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...

5.3CVSS5.8AI score0.00252EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/06 6:39 p.m.8 views

defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag

Summary The findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping: typescript html += ; An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...

6.1CVSS5.8AI score0.00252EPSS
Exploits1References4Affected Software1
Redos
Redos
added 2026/02/24 12:0 a.m.8 views

ROS-20260224-73-0009

A vulnerability in the Apache Common Text library of FileMaker Server is related to improper control of code generation when using interpolation functions. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8CVSS6.5AI score0.00936EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.12 views

OpenSift 安全漏洞

OpenSift is an open-source artificial intelligence learning assistant developed by OpenSift. Versions of OpenSift 1.1.2-alpha and earlier contain security vulnerabilities. These vulnerabilities stem from the use of insecure HTML interpolation patterns in the chat tool’s UI interface, which render...

8.9CVSS5.6AI score0.00347EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/06 4:41 p.m.5 views

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using aststrappend. The...

3.5CVSS5.3AI score0.0016EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user...

6.1CVSS5.4AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/01 6:27 a.m.2 views

Arbitrary Command Injection

Overview borgmatic is a Simple, configuration-driven backup software for servers and workstations Affected versions of this package are vulnerable to Arbitrary Command Injection via the command hook interpolation logic in borgmatic. An attacker can execute arbitrary shell commands by supplying...

9.8CVSS6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.19 views

CVE-2022-31180

Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...

9.8CVSS7.1AI score0.01541EPSS
Exploits1References1
Huntr
Huntr
added 2025/12/23 7:16 a.m.17 views

Command Injection via Malicious Model Artifacts

A command injection vulnerability exists in MLflow's model serving container initialization code. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and directly interpolates them into a shell command without...

10CVSS6.3AI score0.01994EPSS
Exploits1
NVD
NVD
added 2025/12/16 6:16 p.m.10 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

9.8CVSS0.00936EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 6:7 p.m.5 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

7.8AI score0.00936EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 6:7 p.m.38 views

CVE-2025-46295

Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could...

0.00936EPSS
Exploits0References1
Rows per page
Query Builder