Lucene search
K

28 matches found

NVD
NVD
added 2026/07/01 10:16 p.m.6 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 9:15 p.m.4 views

CVE-2026-54704 OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:15 p.m.6 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 9:15 p.m.13 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54844

Name of the Vulnerable Software and Affected Versions OpenTelemetry Java Instrumentation versions prior to 2.28.0 Description The JDBC auto-instrumentation fails to sanitize passwords in SQL CONNECT statements when the password is enclosed in double quotes. This leads to clear-text database...

6.5CVSS6AI score0.00224EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 10:55 p.m.15 views

CVE-2026-42453

Termix is affected by a command injection in the file-manager.ts endpoints extractArchive and compressFiles due to the use of double-quoted strings for shell construction, enabling $(command) substitution on the remote SSH host. This vulnerability (CVE-2026-42453) can lead to arbitrary command ex...

8.7CVSS5.8AI score0.01207EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-29670

Summary The sanitization pipeline for FAQ content is: 1. Filter::filterVar$input, FILTER SANITIZE SPECIAL CHARS — encodes , ", ', & to HTML entities 2. html entity decode$input, ENT QUOTES | ENT HTML5 — decodes entities back to characters 3. Filter::removeAttributes$input — removes dangerous HTML...

6.1CVSS5.9AI score0.00241EPSS
Exploits1References5
OSV
OSV
added 2026/03/05 9:59 p.m.3 views

CVE-2026-28470 OpenClaw < 2026.2.2 - Exec Allowlist Bypass via Command Substitution in Double Quotes

OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

9.2CVSS6.2AI score0.00476EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/05 9:59 p.m.4 views

CVE-2026-28470

OpenClaw versions prior to 2026.2.2 contain an exec approvals must be enabled allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers can bypass the allowlist protection by embedding unescaped $ or backticks inside...

9.8CVSS6.2AI score0.00476EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.11 views

PT-2026-23545

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.2 Description The software contains a flaw in its exec approvals allowlist, which can be bypassed when command substitution syntax is used. Specifically, attackers can execute arbitrary commands by injecting...

9.8CVSS6AI score0.00476EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2026/01/07 12:0 a.m.131 views

📄 mrrb.bg Cross Site Scripting

The site at mrrb.bg suffers from a cross site scripting issue. The researcher has waited over a year after reporting this to make public, so hopefully this will encourage them to fix it. Titles: mrrb.bg-APP - XSS-Reflected Author: nu11secur1ty Date: 01/06/2026 Vendor: mrrb.bg Software: mrrb.bg...

6.4AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-3243

Malicious code in bioql PyPI...

9.8CVSS7.8AI score0.06543EPSS
Exploits0References17
OSV
OSV
added 2024/04/11 11:2 p.m.10 views

USN-6730-1 maven-shared-utils vulnerability

It was discovered that Apache Maven Shared Utils did not handle double-quoted strings properly, allowing shell injection attacks. This could allow an attacker to run arbitrary code...

9.8CVSS7.3AI score0.04031EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.7 views

SUSE CVE-2020-13625

PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message...

7.5CVSS6.9AI score0.0378EPSS
Exploits1References5
Veracode
Veracode
added 2022/05/24 6:21 a.m.35 views

OS Command Injection

maven-shared-utils is vulnerable to OS command injection. The vulnerability exists due to the use of double-quoted strings without proper escaping which allows an attacker to execute shell commands...

9.8CVSS9.5AI score0.04031EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2022/05/13 1:11 a.m.1 views

GHSA-8VHQ-QQ4P-GRQ3 OS Command Injection in Plexus-utils

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8CVSS6.9AI score0.06543EPSS
Exploits0References17
CNVD
CNVD
added 2022/04/28 12:0 a.m.40 views

Apache Maven Command Injection Vulnerability

Apache Maven is an application from the Apache USA Foundation. A software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...

9.8CVSS9.9AI score0.04031EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.5 views

Apache Maven 命令注入漏洞

Apache Maven is an application from the Apache USA Foundation. A software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...

9.8CVSS6.3AI score0.04031EPSS
Exploits0References35
OSV
OSV
added 2021/12/26 3:15 p.m.5 views

CVE-2021-44598

Attendance Management System 1.0 is affected by a Cross Site Scripting XSS vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflecte...

6.1CVSS5.8AI score0.00716EPSS
Exploits1References1
Veracode
Veracode
added 2020/10/15 4:21 a.m.11 views

OS Command Injection

maven-shared-utils is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS commands on the host OS via the Commandline class due to insecure validation and escaping of double-quoted strings...

3.9AI score
Exploits0
Rows per page
Query Builder