CVE-2026-47693

CVE-2026-47693 details (Poweradmin) : Poweradmin, a web-based DNS admin tool for PowerDNS, is vulnerable to CSV Injection in its log export endpoints. User-supplied data (notably the username) is written to exported CSVs without sanitizing formula trigger characters (=, +, -, @). When an admin ex...

CVE-2026-54326

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

CVE-2026-50555 Angular: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @angular/platform-server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

EUVD-2026-38224

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...

PT-2026-51428

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A malicious user with permissions to create files in a repository or wiki page can trigger a denial of service. This occurs when pages containing file listings return an HTTP 500 error, rendering the w...

UBUNTU-CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem before version 3.3.2 had some DoS vulnerabilities when parsing XML that contained many special characters, such as whitespace characters, , , and . The REXML gem versions 3.3.3 or later include patches to fix these vulnerabilities...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: “vt: fix unicode buffer corruption when deleting characters” This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 “vt: fix memory overlapping when deleting chars in the buffer”. The solution is als...

Astra Linux – Vulnerability in Shadow

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...

Astra Linux – Vulnerability found in Python 3.11, Python 2.7, Python 3.7, and Pypy

The email module in Python, as of version 3.11.3, incorrectly parses email addresses that contain special characters. The incorrect portion of the RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism by allowing access to...

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

Path Equivalence

Overview Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized...

Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

EUVD-2026-36468

Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted...