Lucene search
K

10 matches found

NVD
NVD
added 2026/03/25 7:16 p.m.4 views

CVE-2026-27602

Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...

7.2CVSS0.00566EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/25 6:49 p.m.22 views

CVE-2026-27602 Modoboa has an OS Command Injection

Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...

7.2CVSS0.00566EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.11 views

Modoboa 操作系统命令注入漏洞

Modoboa is a mail hosting and management platform developed by the Modoboa team. Versions of Modoboa prior to 2.7.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the execcmd function always running child processes with shell=True, and it...

7.2CVSS6AI score0.00566EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/04 10:9 p.m.24 views

CVE-2026-29086 Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...

5.4CVSS0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/04 10:9 p.m.5 views

CVE-2026-29086 Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 10:9 p.m.3 views

CVE-2026-29086 Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie...

5.4CVSS5.8AI score0.00216EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/04 7:49 p.m.6 views

EUVD-2026-9508

Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie...

5.4CVSS6AI score0.00216EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 7:49 p.m.3 views

GHSA-5PQ2-9X2X-5P6W Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie()

Summary The setCookie utility did not validate semicolons ;, carriage returns \r, or newline characters \n in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if...

5.4CVSS5.7AI score0.00216EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/08 7:31 a.m.17 views

CVE-2025-21457

Information disclosure while opening a fastrpc session when domain is not sanitized...

6.1CVSS6.4AI score0.00084EPSS
Exploits0References1
NVD
NVD
added 2025/08/06 8:15 a.m.5 views

CVE-2025-21457

Information disclosure while opening a fastrpc session when domain is not sanitized...

6.1CVSS0.00084EPSS
Exploits0References1
Rows per page
Query Builder