106 matches found
Pymetasploit3 安全漏洞
Pymetasploit3 is an automated library developed by Dan McInerney. Versions of pymetasploit3 prior to 1.0.6 contain security vulnerabilities. These vulnerabilities stem from the console.runmodulewithoutput function, which allows for the injection of line breaks into module options, potentially...
H3 注入漏洞
H3 is an open-source HTTP framework developed by H3. Versions prior to H3 1.15.6, as well as versions 2.0.0 to 2.0.1-rc.14, have a vulnerability related to injection attacks. This vulnerability stems from the lack of line break cleaning in the createEventStream function, which may allow the serve...
CVE-2026-24001
A flaw was found in jsdiff. A specially crafted patch input containing specific line break characters can cause the parsePatch method to enter an infinite loop, leading to uncontrolled memory consumption and a process crash, resulting in a denial of service. The applyPatch method is similarly...
CPython security vulnerabilities
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability that stems from the email module’s improper handling of line breaks during email serialization, which may lead to header injection attacks...
DEBIAN-CVE-2026-24001
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...
CVE-2026-24001
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...
CVE-2026-24001
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...
CVE-2026-24001 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...
CVE-2026-24001 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...
CVE-2026-24001
CVE-2026-24001 concerns jsdiff, a JavaScript diff library. The description documents a denial-of-service vulnerability: if patch filenames contain line break characters (\r, \u2028, or \u2029), parsePatch can loop infinitely and exhaust memory, crashing the process. The issue affects versions pri...
CVE-2026-24001
jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, 4.0.4, and 3.5.1, attempting to parse a patch whose filename headers contain the line break characters \r, \u2028, or \u2029 can cause the parsePatch method to enter an infinite loop. It then consumes memory...
jsdiff security vulnerabilities
jsdiff is a text comparison library developed by Kevin Decker. Versions of jsdiff prior to 8.0.3, 5.2.2, 4.0.4, and 3.5.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of patch files containing specific line breaks, which could lead to infinite loops and...
Incus injection vulnerability
Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.20.0 have a vulnerability that allows for injection attacks. This vulnerability stems from the ability to add arbitrary lifecycle hooks in container configurations through line breaks, potential...
CPython security vulnerabilities
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, where user-controlled headers containing line breaks can lead to HTTP header injection attacks...
CPython security vulnerabilities
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, which stem from the possibility of injecting additional commands through line breaks when user-controlled commands are passed...
CPython security vulnerabilities
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, which stem from the possibility of injecting additional commands through line breaks when user-controlled commands are passed...
CPython security vulnerabilities
CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities, which stem from allowing header injection via line breaks when parsing data URLs that are controlled by users...
Log Injection
Jenkins is vulnerable to Log Injection. The vulnerability is due to insufficient restriction or sanitization of user-supplied content in log messages, which allows an attacker to inject line break characters and forge log entries, misleading administrators during log reviews...
EUVD-2003-0969
Malware in sbrugna...
EUVD-2025-29721
Malicious code in bioql PyPI...