Lucene search
K

304 matches found

EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42876

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS6.1AI score0.00146EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-56813 Cookie attribute injection in Plug.Conn.Cookies.encode/2

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS0.00146EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago5 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS6AI score0.00475EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 9:54 p.m.7 views

EUVD-2026-25038

cut: -s ignored in -z -d '' newline-delimiter mode...

3.3CVSS5.9AI score0.00182EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/06 7:54 p.m.7 views

EUVD-2026-24973

cut: -s only-delimited ignored when delimiter is a newline...

3.3CVSS6AI score0.00135EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 2:9 p.m.39 views

CVE-2026-14459 Argument Injection in TUBITAK BILGEM's pardus-software

Improper neutralization of argument delimiters in a command 'argument injection' vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from = 1.0.4 before 1.0.5...

8.8CVSS0.00198EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

fast-uri: fast-uri: URI authority bypass due to improper delimiter handling

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References6
OSV
OSV
added 2026/06/24 10:16 p.m.4 views

UBUNTU-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.7AI score0.00104EPSS
Exploits0References5
OSV
OSV
added 2026/06/11 8:28 p.m.7 views

GHSA-8396-JFFM-QX4W OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning

Description In OpenFGA, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. Preconditions This applies if the following preconditions are present: - FGA runs with...

5CVSS5.5AI score0.00101EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 4:17 p.m.13 views

CVE-2026-53694

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

7.3CVSS0.00131EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/10 3:9 p.m.33 views

CVE-2026-48096 OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...

5CVSS0.00101EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 2:57 p.m.12 views

EUVD-2026-36060

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2...

7.3CVSS5.5AI score0.00131EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6322

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier URI that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw...

7.5CVSS5.5AI score0.00475EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33808

Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when ignoreDuplicateSlashes is enabled, or...

9.1CVSS5.4AI score0.00483EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

8.4CVSS5.6AI score0.00231EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.10 views

CVE-2026-8708 Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 5:31 a.m.17 views

EUVD-2026-32090

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 4:4 p.m.10 views

CLSA-2026-1779465893 postgresql: Fix of CVE-2026-6473

CVE-2026-6473: tsearch: bound StartSel/StopSel/FragmentDelimiter length to PGINT16MAX in tsheadline - CVE-2026-6473: contrib/ltree: guard lquery parsing against numvar and totallen wraparound - CVE-2026-6473: regex: add overflow-checked MALLOCARRAY/REALLOCARRAY and bound NFA state/color products...

8.8CVSS5.8AI score0.00668EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters, which is relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can insert a new line into a spool header file, thereby indirectly allowing unauthenticated remote attackers...

9.8CVSS7.3AI score0.09251EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in golang-github-golang-jwt-jwt

golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...

7.5CVSS6.7AI score0.00693EPSS
Exploits0References2
Rows per page
Query Builder