CVE-2026-2298

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 30th, 2026...

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

CVE-2026-22582

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...

PT-2026-4540

Name of the Vulnerable Software and Affected Versions Salesforce Marketing Cloud Engagement versions prior to January 21st, 2026 Description Improper Neutralization of Argument Delimiters in a Command, also known as Argument Injection, in the MicrositeUrl module allows Web Services Protocol...

Linux Distros Unpatched Vulnerability : CVE-2023-31208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk 2.0.0p36, 2.1.0p28, and 2.2.0b8 beta allows arbitrary livestatus command...

DELL ThinOS 10 Parameter Injection Vulnerability

DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure VDI to improve security, efficiency and user experience. DELL ThinOS 10 suffers from a parameter injection vulnerability that stems from improper parameter delimiter...

Dell ThinOS 10 参数注入漏洞

DELL ThinOS 10 is a next-generation thin client operating system from Dell designed for virtual desktop infrastructure VDI to improve security, efficiency and user experience. DELL ThinOS 10 suffers from a parameter injection vulnerability that stems from improper parameter delimiter...

CVE-2025-3945

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

PT-2025-15924 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.2.0p39 Checkmk versions prior to 2.3.0p25 Checkmk versions prior to 2.1.0p51 Description: The issue is related to improper neutralization of livestatus command delimiters in a specific endpoint within the RestAPI o...

PT-2024-29912 · Cesanta · Cesanta Mongoose Web Server

Name of the Vulnerable Software and Affected Versions: Cesanta Mongoose Web Server version 7.14 Description: The issue is related to improper neutralization of delimiters in the Cesanta Mongoose Web Server. This can cause an out-of-bound memory write if the PEM certificate contains unexpected...

BIT-DJANGO-2020-7471

Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter. By passing a suitably crafted delimiter...

CVE-2023-51747

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

Design/Logic Flaw

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

PT-2024-14283 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.8.1 and 3.7.5 Description: A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP...

PT-2023-32549 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.0.0p39 Checkmk versions prior to 2.1.0p37 Checkmk versions prior to 2.2.0p15 Description: The issue is related to the improper neutralization of livestatus command delimiters in the ajax search function, allowing...

rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c

An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter in this case, a space or a colon but fails to account for strings that do not satisfy this...

rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c

An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter in this case, a space or a colon, but fails to account for strings that do not satisfy this constraint. If...

SUSE SLED15 / SLES15 Security Update : spamassassin (SUSE-SU-2020:0811-1)

This update for spamassassin fixes the following issues : Security issues fixed : CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to isregexpvalid bsc1118987. CVE-2020-1930: Fixed an issue with rule configuration .cf files which can be configured to run system command...

SUSE SLES12 Security Update : spamassassin (SUSE-SU-2020:0810-1)

This update for spamassassin fixes the following issues : CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to isregexpvalid bsc1118987. CVE-2020-1930: Fixed an issue with rule configuration .cf files which can be configured to run system commands bsc1162197...

SUSE SLES15 Security Update : spamassassin (SUSE-SU-2020:0813-1)

This update for spamassassin fixes the following issues : Security issues fixed : CVE-2018-11805: Fixed an issue with delimiter handling in rule files related to isregexpvalid bsc1118987. CVE-2020-1930: Fixed an issue with rule configuration .cf files which can be configured to run system command...