samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

CVE-2026-48598

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.partheadersfordisposition/1 interpolates each disposition parameter as k="v" with no validation of CR \r, LF \n, o...

ALPINE-CVE-2026-4480

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection through the Lookup and AuthPlain functions in internal/auth/ldap/ldap.go. An attacker can authenticate or enumerate accounts by supplying a username that contains LDAP filter metacharacters, causing the username to be...

GHSA-4F7C-PMJV-C25W Apache Log4net: Silent log event loss in XmlLayout and XmlLayoutSchemaLog4J due to unescaped XML 1.0 forbidden characters

Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...

CVE-2026-40023

CVE-2026-40023 concerns Apache Log4cxx XMLLayout (pre-1.7.0) that fails to sanitize XML 1.0 forbidden characters in log messages, NDC, and MDC keys/values, producing invalid XML. Conforming parsers may reject such documents, potentially dropping or failing to index affected records and impairing ...

PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

CVE-2026-22743

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tomarkdown function. An attacker can inject arbitrary HTML content by supplying specially crafted input that includes HTML-significant characters...

CVE-2026-28470

OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

CVE-2026-25479 Litestar has an AllowedHosts validation bypass due to unescaped regex metacharacters in configured host patterns

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, in litestar.middleware.allowedhosts, allowlist entries are compiled into regex patterns in a way that allows regex metacharacters to retain special meaning e.g., . matches any character. This enables a bypass...

CVE-2026-25478

Litestar (ASGI framework) contains a vulnerability in CORSConfig.allowed_origins_regex prior to 2.20.0 where a regex built from allowlist values is used with fullmatch without escaping metacharacters, allowing a malicious origin to match unexpectedly. Impact is indicated as HIGH (CVSS 3.1: AV:N/A...

CVE-2026-25478 Litestar has a CORS origin allowlist bypass due to unescaped regex metacharacters in allowed origins

Litestar is an Asynchronous Server Gateway Interface ASGI framework. Prior to 2.20.0, CORSConfig.allowedoriginsregex is constructed using a regex built from configured allowlist values and used with fullmatch for validation. Because metacharacters are not escaped, a malicious origin can match...

GHSA-2P2X-HPG8-CQP2 Litestar's CORS origin allowlist has a bypass due to unescaped regex metacharacters in allowed origins

Summary CORS origin validation can be bypassed because the allowed-origins allowlist is compiled into a regex without escaping metacharacters notably .. An allowed origin like https://good.example can match https://goodXexample, resulting in Access-Control-Allow-Origin being set for an untrusted...

CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

Security update for python-Django

This update for python-Django fixes the following issues: CVE-2025-48432: log injection or forgery due to unescaped control characters being added into logs bsc1244095. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVE-2025-22606 Coolify Command Injection Vulnerability in Project Name

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In version 4.0.0-beta.358 and possibly earlier versions, when creating or updating a "project," it is possible to inject arbitrary shell commands by altering the project name. If a name includes...

yt-dlp 安全漏洞

yt-dlp is based on the youtube-dl branch of the now inactive youtube-dlc. A security vulnerability exists in yt-dlp that stems from not properly escaping special characters, resulting in a remote code execution vulnerability...

VulnCheck KEV: CVE-2023-1119

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability...