5 matches found
CVE-2026-39394
CI4MS vulnerable to CRLF injection in .env via unvalidated host parameter in Install::index(). Before 0.31.4.0, host is read without validation and appended to .env through updateEnvSettings() using preg_replace(), allowing newline characters to inject arbitrary key=value lines (e.g., app.baseURL...
MiracleLinux 4 : ntp-4.2.6p5-12.1.0.1.AXS4 (AXSA:2017-2400:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2400:02 advisory. Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to...
USN-7912-1 cups vulnerability
Johannes Meixner and Paul Zirnik discovered that CUPS incorrectly handled clients that send messages slowly. A remote attacker could possibly use this issue to cause CUPS to stop responding, resulting in a denial of service. CVE-2025-58436 In addition, this update fixes a regression introduced in...
ISC Kea 代码注入漏洞
ISC Kea is a modern open source DHCPv4 and DHCPv6 server from the ISC organization. A security vulnerability exists in ISC Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8, which stems from configuration and API directives that can load malicious hook libraries,...
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the librarypath config value to allow arbitrary python code to be executed via macros. For many users wh...