24 matches found

Cvelist
added 2026/06/10 3:9 p.m., 30 views

CVE-2026-48096 OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...

CVSS 5, EPSS 0.00101
Exploits: 0, References: 2

OSV
added 2026/01/24 1:15 a.m., 10 views

CVE-2026-22582

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...

CVSS 9.8, AI score 5.8, EPSS 0.00659
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-20512

Malware in sbrugna...

CVSS 9, AI score 7.8, EPSS 0.0406
Exploits: 1, References: 7

OSV
added 2025/08/27 2:15 p.m., 5 views

CVE-2025-43730

Dell ThinOS 10, versions prior to 250810.0127, contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure...

CVSS 7.8, AI score 5.8, EPSS 0.00196
Exploits: 0, References: 1

Vulnrichment
added 2025/08/27 1:57 p.m., 1 views

CVE-2025-43730

Dell ThinOS 10, versions prior to 250810.0127, contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure...

CVSS 8.4, AI score 7, EPSS 0.00196
Exploits: 0, References: 1

CVE
added 2025/08/27 1:57 p.m., 15 views

CVE-2025-43730

Dell ThinOS 10 is affected by an Improper Neutralization of Argument Delimiters in a Command (Argument Injection) vulnerability. Affected: Dell ThinOS 10 before 2508_10.0127. Impact per sources: local elevation of privileges and information disclosure for a local unauthenticated user. Root cause:...

CVSS 8.4, AI score 6.4, EPSS 0.00196
Exploits: 0, References: 1, Affected Software: 1

Hacker One
added 2022/11/29 10:8 a.m., 141 views

Internet Bug Bounty: Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable

Describe the summary: The Electron Website provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...

CVSS 4, AI score 5.6, EPSS 0.00559
Exploits: 0

CNNVD
added 2022/09/29 12:0 a.m., 4 views

BigBlueButton injection vulnerability

BigBlueButton is an open source web conferencing system from the BigBlueButton community. A security vulnerability exists in BigBlueButton versions prior to 2.2.7, which stems from an unprotected mechanism for delimiter injection in meetingId, userId, and authToken...

CVSS 9.8, AI score 8.3, EPSS 0.01394
Exploits: 0, References: 3

OSV
added 2022/08/18 7:1 p.m., 36 views

GHSA-7R3H-M5J6-3Q42 @actions/core has Delimiter Injection Vulnerability in exportVariable

Impact: The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the GITHUB_ENV file may cause the path or other environment variables to be...

CVSS 5, AI score 4.9, EPSS 0.00559
Exploits: 0, References: 4

Vulnrichment
added 2022/08/13 11:40 p.m., 6 views

CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

CVSS 5, AI score 5.3, EPSS 0.00559
Exploits: 0, References: 2

Cvelist
added 2022/08/13 11:40 p.m., 42 views

CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable

The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...

CVSS 5, AI score 5.5, EPSS 0.00559
Exploits: 0, References: 2

OpenVAS
added 2021/06/09 12:0 a.m., 26 views

SUSE: Security Advisory (SUSE-SU-2016:3273-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 7, EPSS 0.00505
Exploits: 0, References: 17

OpenVAS
added 2021/06/09 12:0 a.m., 28 views

SUSE: Security Advisory (SUSE-SU-2016:3044-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 7.5, EPSS 0.00505
Exploits: 0, References: 17

OSV
added 2021/05/06 1:15 p.m., 1 views

DEBIAN-CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

CVSS 8.8, AI score 8.4, EPSS 0.0406
Exploits: 1, References: 1

Hacker One
added 2018/11/20 4:48 a.m., 19 views

HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████

HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remote_user is placed between the...

AI score 7
Exploits: 0

OSV
added 2016/12/27 12:30 p.m., 8 views

SUSE-SU-2016:3273-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652 - CVE-2016-9386: x86 null segments were not always treated as unusable allowing a...

CVSS 8.8, AI score 7.8, EPSS 0.00505
Exploits: 0, References: 29

Tenable Nessus
added 2016/12/27 12:0 a.m., 41 views

SUSE SLES11 Security Update : xen (SUSE-SU-2016:3273-1)

This update for xen fixes several issues. These security issues were fixed : - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652 - CVE-2016-9386: x86 null segments were not always treated as unusable allowing ...

CVSS 8.8, AI score 7.1, EPSS 0.00505
Exploits: 0, References: 43

Tenable Nessus
added 2016/12/16 12:0 a.m., 40 views

openSUSE Security Update : xen (openSUSE-2016-1477)

xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed : - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...

CVSS 8.8, AI score 7.1, EPSS 0.00505
Exploits: 0, References: 34

OSV
added 2016/12/14 1:56 p.m., 7 views

SUSE-SU-2016:3156-1 Security update for xen

This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652 - CVE-2016-9386: x86 null segments were not always treated as unusable allowing a...

CVSS 8.8, AI score 7.9, EPSS 0.00505
Exploits: 0, References: 33

OPENSUSE Linux
added 2016/12/14 1:18 a.m., 55 views

Security update for xen (important)

xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...

CVSS 4.9, AI score 2.8, EPSS 0.00505
Exploits: 0, References: 17