Lucene search
+L

494 matches found

OSV
OSV
added 2026/05/04 5:52 a.m.3 views

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/24 8:32 p.m.5 views

CVE-2026-35380

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

5.5CVSS5.5AI score0.00157EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.13 views

uutils coreutils has an Improper Input Validation Issue in its cut Utility

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

5.5CVSS5.5AI score0.00157EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:9 p.m.4 views

CVE-2026-35380 uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

5.5CVSS5.8AI score0.00157EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/22 4:9 p.m.32 views

CVE-2026-35380 uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

5.5CVSS0.00157EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34516

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

5.5CVSS5.8AI score0.00157EPSS
Exploits1References3
OSV
OSV
added 2026/03/19 6:4 p.m.6 views

MGASA-2026-0059 Updated openssh packages fix security vulnerabilities

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. CVE-2025-61984...

3.6CVSS6.6AI score0.00284EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.4 views

EulerOS Virtualization 2.12.1 : openssh (EulerOS-SA-2026-1449)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand i...

3.6CVSS6.3AI score0.00284EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/11 12:0 a.m.6 views

SUSE SLES15 Security Update : valkey (SUSE-SU-2026:0848-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0848-1 advisory. Update to version 8.0.7. Security issues fixed: - CVE-2025-67733: data tampering and denial of service via improper null character...

8.5CVSS5.9AI score0.00586EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.9 views

RockyLinux 10 : valkey (RLSA-2026:3443)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3443 advisory. Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts CVE-2025-67733 valkey: Valkey: Denial of Servic...

8.5CVSS6AI score0.00586EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.3 views

Astra Linux – Vulnerability in c-ares

c-ares is a C library for asynchronous DNS requests. aresreadline is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and, if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files contains a NULL...

5.5CVSS6.4AI score0.00349EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/26 3:21 p.m.14 views

Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts

A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...

8.5CVSS5.9AI score0.00586EPSS
Exploits0References5
OSV
OSV
added 2026/02/26 8:53 a.m.9 views

BIT-VALKEY-2025-67733 Valkey Affected by RESP Protocol Injection via Lua error_reply

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

8.5CVSS5.8AI score0.00586EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-67733

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary...

8.5CVSS5.7AI score0.00586EPSS
Exploits0References2
OSV
OSV
added 2026/02/23 8:28 p.m.11 views

ALPINE-CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

7.1CVSS6AI score0.00586EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/16 12:0 a.m.10 views

MiracleLinux 8 : php:7.4 (AXSA:2026-182:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-182:01 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with...

9.8CVSS7.9AI score0.02286EPSS
Exploits10References14
RedHat Linux
RedHat Linux
added 2026/02/10 8:28 p.m.2 views

php: PHP Hostname Null Character Vulnerability

A flaw was found in PHP. The fsockopen function and related functions fail to validate NULL characters within the provided hostname, potentially leading to unexpected behavior during parsing. This flaw allows a network attacker to supply a specially crafted hostname. This issue can result in a...

5.3CVSS5.7AI score0.00514EPSS
Exploits1References5
OSV
OSV
added 2026/02/10 12:0 a.m.8 views

ALSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

9.8CVSS6AI score0.02286EPSS
Exploits10References28
Broadcom
Broadcom
added 2026/02/04 12:0 a.m.21 views

OpenSSH security update (CVE-2025-61984)

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...

3.6CVSS6.3AI score0.00284EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/02/03 1:31 p.m.30 views

openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand

A flaw was found in OpenSSH where the SSH client accepted \0 null characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up...

3.6CVSS6.7AI score0.00118EPSS
Exploits0References7
Rows per page
Query Builder