Lucene search
K

18 matches found

OSV
OSV
added 2026/06/12 12:28 p.m.6 views

OESA-2026-2679 python-webob security update

WebOb provides wrappers around the WSGI request environment, and an object to help create WSGI responses. The objects map much of the specified behavior of HTTP, including header parsing and accessors for other standard parts of the environment. Security Fixes: Impact When WebOb normalizes the HT...

6.1CVSS5.3AI score0.00161EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in symfony

symfony/validator is a module for the Symphony PHP framework that provides tools for validating values. It’s possible to trick a Validator configured with a regular expression using the $ metacharacter, especially when the input ends with \n. Starting from versions 5.4.43, 6.4.11, and 7.1.4,...

3.1CVSS5.8AI score0.00465EPSS
Exploits0References2
CloudLinux
CloudLinux
added 2026/05/08 11:42 a.m.12 views

httpd: Fix of 2 CVEs

CVE-2017-15710: modauthnzldap out-of-bounds write when accept-language header value is shorter than two characters - CVE-2017-15715: regex anchor in / can match before an embedded newline, allowing .htaccess bypass of trailing-extension filters...

8.1CVSS6.7AI score0.86006EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/01 5:1 a.m.4 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

9.8CVSS6.1AI score0.01659EPSS
Exploits0References1
NVD
NVD
added 2026/03/31 3:16 p.m.6 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

9.8CVSS0.01659EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/31 4:59 a.m.3 views

CVE-2026-30313

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

9.8CVSS6.1AI score0.01145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:0 a.m.2 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

6.1AI score0.01659EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/31 12:0 a.m.22 views

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

0.01659EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.4 views

PT-2026-29121

Name of the Vulnerable Software and Affected Versions DSAI-Cline affected versions not specified Description The command auto-approval module in DSAI-Cline has a critical operating system command injection flaw. The security mechanism, which uses a whitelist, is ineffective because the system...

9.8CVSS6AI score0.01145EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/30 12:0 a.m.3 views

CVE-2026-30313

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

6.1AI score0.01145EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 9:31 p.m.4 views

EUVD-2026-14952

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7CVSS5.8AI score0.00248EPSS
Exploits0References2
OSV
OSV
added 2026/03/24 7:16 p.m.3 views

DEBIAN-CVE-2026-23920

Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...

7.7CVSS5.2AI score0.00248EPSS
Exploits0References1
OSV
OSV
added 2024/11/06 9:15 p.m.3 views

DEBIAN-CVE-2024-50343

symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...

3.1CVSS4.6AI score0.00465EPSS
Exploits0References1
Snyk
Snyk
added 2024/11/06 12:41 p.m.2 views

Misinterpretation of Input

Overview Affected versions of this package are vulnerable to Misinterpretation of Input containing a \n. Several validations expect line ending characters to be matched by $, but a malicious user can bypass those validations to cause invalid input to be treated as valid. Remediation Upgrade...

6.9CVSS6.8AI score0.00465EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.6 views

PT-2024-24591 · Phlex · Phlex

Name of the Vulnerable Software and Affected Versions: phlex versions prior to 1.10.1 phlex versions prior to 1.9.2 phlex versions prior to 1.8.3 phlex versions prior to 1.7.2 phlex versions prior to 1.6.3 phlex versions prior to 1.5.3 phlex versions prior to 1.4.2 Description: There is a potenti...

7.1CVSS6AI score0.00575EPSS
Exploits0References14
UbuntuCve
UbuntuCve
added 2023/06/19 11:15 a.m.18 views

CVE-2023-29542

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions...

9.8CVSS7AI score0.0094EPSS
Exploits0References3
Prion
Prion
added 2023/06/19 11:15 a.m.17 views

Design/Logic Flaw

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions...

7.5CVSS8.8AI score0.0094EPSS
Exploits0References5Affected Software3
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.3 views

PT-2023-12076 · Unknown · Ingress-Nginx

Name of the Vulnerable Software and Affected Versions: ingress-nginx affected versions not specified Description: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the...

7.6CVSS6.4AI score0.00694EPSS
Exploits0References10
Rows per page
Query Builder