Lucene search
K

44 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-34158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS0.00363EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-34158

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, the executeInDocker helper wraps user-controlled commands in single quotes without escaping embedded single quotes. Attackers who can edit application settings can inject a...

8.8CVSS6.2AI score0.00363EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 3:53 p.m.9 views

CVE-2026-54025

LibreChat suffers a stored XSS in its Markdown artifact preview prior to version 0.8.4-rc1. The vulnerability arises because lib re uses marked v15.0.12 to render image alt text without HTML-escaping double quotes when the custom image renderer defers to the default renderer. LibreChat’s generate...

5.4CVSS6AI score0.0014EPSS
Exploits1References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/16 2:20 a.m.11 views

SUSE CVE-2026-47162

Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exists in s:NetrwBookHistSave in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when serializing browsed directory paths to the history file /.vim/.netrwhist. A...

8.8CVSS5.8AI score0.00219EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-49498

Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can inject SQL commands via crafted username parameters in...

8.8CVSS5.7AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

go-git 安全漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.19.1 and 6.0.0-alpha.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of SSH for transmitting commands remotely; the repository path was enclosed in...

2.3CVSS5.8AI score0.00365EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/26 9:16 p.m.15 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/05/26 8:40 p.m.9 views

CVE-2026-44897

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in...

6.1CVSS6AI score0.00228EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/18 5:53 p.m.31 views

Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3`

Summary SQL injection in Postgrex.Notifications.listen/3: the channel argument is interpolated straight into LISTEN "..." / UNLISTEN "..." without escaping the " character. Any caller that lets a user influence the channel name e.g. a pub/sub bridge that uses a tenant id or topic slug as the...

7.8CVSS6.1AI score0.00198EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/01 8:47 a.m.8 views

CVE-2026-42511

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

8.1CVSS6.1AI score0.00431EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 6:56 a.m.44 views

CVE-2026-42511 Remote code execution via malicious DHCP options

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

0.00431EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 6:56 a.m.95 views

CVE-2026-42511

Summary: CVE-2026-42511 affects the dhclient DHCP client used on FreeBSD. The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing an attacker-controlled field in the lease to be injected as arbitrary dhclient.conf directives. When the lease is re-parsed...

8.1CVSS5.7AI score0.00431EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/29 12:0 a.m.7 views

FreeBSD Security Advisory - FreeBSD-SA-26:12.dhclient

FreeBSD Security Advisory - The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field fr...

7.3CVSS5.5AI score0.00431EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/23 3:44 a.m.30 views

CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API)

Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, t...

9.1CVSS0.0048EPSS
Exploits1References3
CVE
CVE
added 2026/04/23 3:44 a.m.21 views

CVE-2026-41229

Summary (CVE-2026-41229) Froxlor prior to v2.3.6 contains a PHP code injection flaw in the generation of userdata.inc.php. PhpHelper::parseArrayToString() writes string values into single-quoted PHP literals without escaping single quotes. When an admin with change_serversettings updates a MySQL ...

9.1CVSS5.9AI score0.0048EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

Froxlor 代码注入漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.6 contained a code injection vulnerability. This vulnerability stemmed from the PhpHelper::parseArrayToString function, which did not escape single quotes when writing PHP...

9.1CVSS6AI score0.0048EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/21 3:52 p.m.5 views

CVE-2026-40565 FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

6.1CVSS5.9AI score0.00199EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 3:52 p.m.4 views

CVE-2026-40565

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

6.1CVSS5.9AI score0.00199EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/21 3:52 p.m.4 views

EUVD-2026-24141

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

6.1CVSS5.9AI score0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/21 3:52 p.m.35 views

CVE-2026-40565 FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

6.1CVSS0.00199EPSS
Exploits0References3
Rows per page
Query Builder