CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

CVE-2026-47072

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

CVE-2026-47072 CRLF injection in WebSocket upgrade request in hackney

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackneyws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the interna...

CVE-2026-47075

CVE-2026-47075 describes a CRLF injection in Hackney’s URL query handling. Hackney does not percent-encode CR/LF characters in the query string before forming the HTTP/1.1 request target, allowing an attacker who controls the URL to inject raw CRLF sequences and potentially perform HTTP header in...

CVE-2026-47075 CR/LF injection in query parameter in hackney

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

EUVD-2026-31687

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

CVE-2018-25356

A flaw was found in SIPp. A local attacker can exploit a buffer overflow vulnerability by providing oversized input to command-line arguments, such as -3pcc, -i, or -logfile. This can lead to arbitrary code execution or cause the application to crash, resulting in a denial of service...

Cross-site Scripting (XSS)

Overview echarts is an Apache ECharts is a powerful, interactive charting and data visualization library for browser Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tooltip rendering when both Lines series and tooltip are used without a user-specified...

CVE-2026-9277

A flaw was found in the shell-quote component. The quote function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpre...

PT-2026-43071

Name of the Vulnerable Software and Affected Versions hackney versions 0 through 4.0.0 Description Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return r or line feed characters in the URL query component before constructing...

ROS-20260525-73-0003

Vulnerability in awscli2 related to the use of an invalid referenced name. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

PT-2026-43066

Name of the Vulnerable Software and Affected Versions hackney versions 0.9.0 through 4.0.0 Description Improper Neutralization of CRLF Sequences, also known as CRLF Injection, allows HTTP Response Splitting. The setcookie/3 function in src/hackney cookie.erl validates Name and Value arguments...

Linux Distros Unpatched Vulnerability : CVE-2026-9277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by...

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 0.9.0 through 4.0.1, which stems from a lack of CRLF sequence checking of the domain and path options in the cookie setup function, which could lead to HTTP response splitting...

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 2.0.0 through 4.0.1, which stems from a failure to strip CRLF sequences in WebSocket upgrade code, which could lead to HTTP request/response splitting...

PT-2026-43069

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Request/Response Splitting. The WebSocket upgrade code in src/hackney ws.erl copies the host, path, headers ExtraHeaders, and protocols options from the caller-supplied opts map into the intern...

CVE-2026-9369

A security flaw has been discovered in NousResearch hermes-agent 2026.4.23. Affected is the function discoverdashboardplugins of the file hermescli/webserver.py of the component CLI web-dashboard Interface. Performing a manipulation of the argument HERMESENABLEPROJECTPLUGINS results in incorrect...

ROS-20260524-73-0045

A vulnerability in the Jenkins Automation Server built-in command line interface CLI is related to the dependency of critical actions on reverse DNS resolution. Exploitation of the vulnerability could allow a remote attacker to realize a CSWSH Cross-Site WebSocket Hijacking attack...

MAL-2026-4630 Malicious code in openprompt-lang (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c9966d5fe1ab82b40fd24082c36cc9acf5677772768f75b30cda755d9cdd98f scripts/postinstall.js runs unconditionally during npm install. When the opencode binary is not on PATH true for nearly every fresh install, it...