Lucene search
K

92 matches found

Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.18 views

PT-2026-51292

Name of the Vulnerable Software and Affected Versions Net::Statsite::Client versions prior to 1.1.1 Description Net::Statsite::Client, a client for the statsite protocol a variant of statsd, allows metric injections. This occurs because newlines are not removed from metric names, and values are n...

9.1CVSS5.9AI score0.00352EPSS
Exploits0References12
CVE
CVE
added 2026/05/08 2:33 p.m.28 views

CVE-2026-41570

PHPUnit versions 12.5.21 and 13.1.5 forward PHP INI settings to child processes as -d name=value without neutralizing metacharacters, allowing newline-based directive injection. This can lead to remote code execution via auto_prepend_file in the child process. Patches are available in PHPUnit 12....

7.8CVSS6.6AI score0.00191EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/07 7:16 p.m.30 views

CVE-2026-44244

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.setvalue passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...

7.8CVSS0.00237EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/05/06 1:42 a.m.10 views

SUSE CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

8.7CVSS5.8AI score0.00469EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Apache Thrift 路径遍历漏洞

Apache Thrift is a framework for cross-platform development developed by the Apache Foundation in the United States. Versions of Apache Thrift prior to 0.23.0 contained a path traversal vulnerability. This vulnerability was caused by source validation errors, path traversal, improper handling of...

7.3CVSS5.8AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2026/04/16 12:47 a.m.4 views

GHSA-47HF-23PW-3M8C Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Summary DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g., NAPTR, PTR, HINFO, content validation is entirely bypassed. Embedded...

8.5CVSS5.9AI score0.00347EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/16 12:47 a.m.12 views

Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add()

Summary DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g., NAPTR, PTR, HINFO, content validation is entirely bypassed. Embedded...

8.5CVSS5.9AI score0.00347EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/25 11:34 a.m.6 views

CLSA-2026-1774438452 python3.11: Fix of 3 CVEs

CVE-2026-1299: Fix header injection; quote newlines in email headers and reject incorrectly folded LiteralHeader values during serialization with BytesGenerator. - CVE-2026-0865: Fix header injection via user-controlled header names and values containing newlines; sanitize and reject header names...

6CVSS7.1AI score0.0056EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/03/10 10:9 a.m.4 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS7.3AI score0.0056EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-005334)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005334 advisory. Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client...

8.8CVSS6.3AI score0.0257EPSS
Exploits1References4
NVD
NVD
added 2026/01/23 5:16 p.m.5 views

CVE-2026-1299

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

6CVSS0.0056EPSS
Exploits0References10
EUVD
EUVD
added 2026/01/21 12:31 a.m.3 views

EUVD-2026-3520

User-controlled header names and values containing newlines can allow injecting HTTP headers...

5.9CVSS5.4AI score0.00463EPSS
Exploits0References10
OSV
OSV
added 2026/01/20 12:8 p.m.6 views

CLSA-2026-1768587600 git: Fix of 2 CVEs

CVE-2025-52005: add sideband.allowControlCharacters config which gives a possibility to avoid control characters in sideband - CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration...

7.5CVSS7AI score0.01019EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

MiracleLinux 4 : rh-mysql57-mysql-5.7.19-6.AXS4 (AXSA:2017-2329:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2329:01 advisory. An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote...

7.8CVSS7.4AI score0.89924EPSS
Exploits19References58
OSV
OSV
added 2026/01/12 9:42 a.m.9 views

CLSA-2026-1768210963 git: Fix of 2 CVEs

CVE-2025-52005: add sideband.allowControlCharacters config which gives a possibility to avoid control characters in sideband - CVE-2024-52006: fix newline confusion in credential helpers that can lead to credential exfiltration...

7.5CVSS7AI score0.01019EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.3 views

Astra Linux – Vulnerability in PostgresSQL-15

Improper handling of newline characters in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for execution during the restore process, through the client operating system account running psql. This occurs via psql meta-commands within a purpose-crafted object name...

8.8CVSS7.1AI score0.00385EPSS
Exploits0References3
OSV
OSV
added 2025/10/13 2:33 p.m.3 views

SUSE-SU-2025:03019-2 Security update for postgresql14

This update for postgresql14 fixes the following issues: Upgrade to 14.19: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table bsc1248120. - CVE-2025-8714: untrusted data inclusion in pgdump lets superuser of origin server execute arbitrary code ...

8.8CVSS7.8AI score0.00709EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/10/08 2:48 p.m.11 views

netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline LF characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same...

7.5CVSS7.1AI score0.00631EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-13200

Malware in sbrugna...

9.8CVSS9.2AI score0.01709EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-24809

Malicious code in bioql PyPI...

8.8CVSS7.5AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder