107 matches found
CVE-2026-42061
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...
CVE-2026-42061
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...
CVE-2026-42061
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...
CVE-2026-42061
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...
CVE-2026-42061
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...
CVE-2026-42061
CVE-2026-42061 describes a local privilege escalation caused by excessive permissions granted to child processes in Acronis DeviceLock DLP (Windows) prior to build 9.0.15051.93227 . Affected component and root cause are stated, with the CVSSv3 score reported as 7.3 (High) and attack vector LOCAL,...
PT-2026-46061
Name of the Vulnerable Software and Affected Versions Acronis DeviceLock DLP Windows versions prior to 9.0.15051.93227 Description Local privilege escalation occurs because excessive permissions are assigned to child processes. Recommendations Update to build 9.0.15051.93227 or later...
UBUNTU-CVE-2026-41570
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...
CVE-2026-41570
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...
CVE-2026-41570
PHPUnit versions 12.5.21 and 13.1.5 forward PHP INI settings to child processes as -d name=value without neutralizing metacharacters, allowing newline-based directive injection. This can lead to remote code execution via auto_prepend_file in the child process. Patches are available in PHPUnit 12....
CVE-2026-41570
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...
CVE-2026-41570 PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...
EUVD-2026-28649
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...
PHPUnit 参数注入漏洞
PHPUnit is a PHP unit testing framework developed by Sebastian Bergmann. Versions 12.5.21 and 13.1.5 of PHPUnit contain parameter injection vulnerabilities. These vulnerabilities arise from failing to neutralize INI meta-characters when forwarding PHP INI settings to child processes, which may le...
EUVD-2026-25341
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...
CVE-2026-41357
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...
CVE-2026-41357 OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...
CVE-2026-41357
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...
PT-2026-34788
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...
PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes
Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...