CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

52 matches found

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS5.6AI score0.00492EPSS

Exploits0References1

Positive Technologies•added 2026/06/17 12:0 a.m.•14 views

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

8.6CVSS5.4AI score0.00492EPSS

Exploits0References9

RedhatCVE•added 2026/06/05 7:21 p.m.•7 views

CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.3AI score0.00191EPSS

Exploits0References1

PyPA•added 2026/05/27 6:16 p.m.•8 views

PYSEC-0000-CVE-2026-44345

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS5.9AI score0.00317EPSS

Exploits1References1Affected Software1

Positive Technologies•added 2026/05/27 12:0 a.m.•9 views

PT-2026-45979

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/ internal/container/frontend/dockerfile/templates/base v2.j2 interpolates docker.base image raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS6AI score

Exploits0References2

NVD•added 2026/05/08 3:16 p.m.•44 views

CVE-2026-41570

7.8CVSS0.00191EPSS

Exploits0References2

OSV•added 2026/05/08 3:16 p.m.•4 views

DEBIAN-CVE-2026-41570

7.8CVSS6.6AI score0.00191EPSS

Exploits0References1

Vulnrichment•added 2026/05/08 2:33 p.m.•9 views

CVE-2026-41570 PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

7.8CVSS6.5AI score0.00191EPSS

Exploits0References2

Cvelist•added 2026/05/08 2:33 p.m.•62 views

CVE-2026-41570 PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

7.8CVSS0.00191EPSS

Exploits0References2

CVE•added 2026/05/08 2:33 p.m.•23 views

CVE-2026-41570

PHPUnit versions 12.5.21 and 13.1.5 forward PHP INI settings to child processes as -d name=value without neutralizing metacharacters, allowing newline-based directive injection. This can lead to remote code execution via auto_prepend_file in the child process. Patches are available in PHPUnit 12....

7.8CVSS6.6AI score0.00191EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/08 2:33 p.m.•6 views

CVE-2026-41570

7.8CVSS6.6AI score0.00191EPSS

Exploits0References3

Debian CVE•added 2026/05/08 2:33 p.m.•7 views

CVE-2026-41570

7.8CVSS6.5AI score0.00191EPSS

Exploits0

Positive Technologies•added 2026/05/05 12:0 a.m.•10 views

PT-2026-37240

Name of the Vulnerable Software and Affected Versions Pi-hole FTL versions prior to 6.6.1 Description The dns.interface configuration field in Pi-hole FTL accepts newline characters without validation, which allows an attacker to inject arbitrary directives into the generated dnsmasq configuratio...

8.8CVSS6AI score0.00956EPSS

Exploits1References9

Packet Storm News•added 2026/04/29 12:0 a.m.•4 views

FreeBSD Security Advisory - FreeBSD-SA-26:12.dhclient

FreeBSD Security Advisory - The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field fr...

7.3CVSS5.5AI score0.00431EPSS

Exploits0

Github Security Blog•added 2026/04/22 2:56 p.m.•5 views

PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.2AI score0.00343EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/22 2:56 p.m.•3 views

GHSA-MH6W-VXFF-9WQP PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

7.8CVSS6.2AI score

Exploits0References5

Github Security Blog•added 2026/04/18 12:59 a.m.•10 views

PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes

7.8CVSS6.6AI score0.00191EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/18 12:59 a.m.•3 views

GHSA-QRR6-MG7R-M243 PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes