24 matches found
CVE-2026-48096 OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...
CVE-2026-22582
Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...
EUVD-2020-20512
Malware in sbrugna...
CVE-2025-43730
Dell ThinOS 10, versions prior to 250810.0127, contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure...
CVE-2025-43730
Dell ThinOS 10, versions prior to 250810.0127, contains an Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges and Information disclosure...
CVE-2025-43730
Dell ThinOS 10 is affected by an Improper Neutralization of Argument Delimiters in a Command (Argument Injection) vulnerability. Affected: Dell ThinOS 10 before 2508_10.0127. Impact per sources: local elevation of privileges and information disclosure for a local unauthenticated user. Root cause:...
Internet Bug Bounty: Electron CVE-2022-35954 Delimiter Injection Vulnerability in exportVariable
Describe the summary: The Electron Website provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write...
BigBlueButton 注入漏洞
BigBlueButton is an open source web conferencing system from the BigBlueButton community. A security vulnerability exists in BigBlueButton versions prior to 2.2.7, which stems from an unprotected mechanism for delimiter injection in meetingId, userId, and authToken...
GHSA-7R3H-M5J6-3Q42 @actions/core has Delimiter Injection Vulnerability in exportVariable
Impact The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the GITHUBENV file may cause the path or other environment variables to be...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
SUSE: Security Advisory (SUSE-SU-2016:3273-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:3044-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2020-28021
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...
HackerOne: Corrupted Authorization header can cause logs not to be ingested properly in ████████
HackerOne ingests different logs in ██████, one of them being nginx access logs from our load balancers. The default log format of our load balancer configuration is shown below. As can be seen in the format, the HTTP user specified in the Authorization header $remoteuser is placed between the...
SUSE-SU-2016:3273-1 Security update for xen
This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652 - CVE-2016-9386: x86 null segments were not always treated as unusable allowing a...
SUSE SLES11 Security Update : xen (SUSE-SU-2016:3273-1)
This update for xen fixes several issues. These security issues were fixed : - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652 - CVE-2016-9386: x86 null segments were not always treated as unusable allowing ...
openSUSE Security Update : xen (openSUSE-2016-1477)
xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed : - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...
SUSE-SU-2016:3156-1 Security update for xen
This update for xen fixes several issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652 - CVE-2016-9386: x86 null segments were not always treated as unusable allowing a...
Security update for xen (important)
xen was updated to version 4.7.1 to fix 17 security issues. These security issues were fixed: - CVE-2016-9637: ioport array overflow allowing a malicious guest administrator can escalate their privilege to that of the host bsc1011652. - CVE-2016-9386: x86 null segments were not always treated as...