Lucene search
+L

813 matches found

Broadcom
Broadcom
added 2026/03/03 12:0 a.m.20 views

AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

6.2CVSS5.9AI score0.00225EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:36 a.m.10 views

Security Bulletin: IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160.

Summary IBM Edge Data Collector uses tracing-subscriber-0.3.19.crate which is vulnerable to CVE-2025-58160. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-58160 DESCRIPTION: tracing is a framework for instrumenting Rust programs to collect...

2.3CVSS5.9AI score0.00303EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/27 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-27587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP path request matcher is intended to be case-insensitive,...

9.1CVSS6AI score0.0037EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/02/16 6:57 p.m.4 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6CVSS6.9AI score0.09917EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/16 6:55 p.m.5 views

org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation

An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...

9.6CVSS6.9AI score0.09917EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/02/14 12:23 a.m.6 views

SUSE CVE-2026-25996

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

9.8CVSS5.6AI score0.0056EPSS
Exploits1References3
NVD
NVD
added 2026/02/12 9:16 p.m.8 views

CVE-2026-25996

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

9.8CVSS0.0056EPSS
Exploits1References3
Snyk
Snyk
added 2026/02/12 8:56 p.m.3 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the columns output mode, which renders string fields from eBPF events to the terminal without sanitizing control characters or ANSI escape sequences. An attacker can manipulate terminal behavior or display by...

9.8CVSS5.6AI score0.0056EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/12 8:6 p.m.5 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9CVSS5.6AI score0.0056EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/12 8:6 p.m.32 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9CVSS0.0056EPSS
Exploits1References3
OSV
OSV
added 2026/02/12 8:6 p.m.9 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9CVSS5.6AI score0.0056EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.11 views

PT-2026-7900

Name of the Vulnerable Software and Affected Versions Inspektor Gadget affected versions not specified Description Inspektor Gadget has an issue where string fields from eBPF events in columns output mode are not sanitized, potentially allowing maliciously crafted event payloads from observed...

9.8CVSS5.7AI score0.0056EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: busybox (UTSA-2026-005333)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005333 advisory. In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. Tenable has extracted the...

3.3CVSS5.6AI score0.00158EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.11 views

CVE-2026-21521

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.3AI score0.00503EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 11:15 p.m.8 views

CVE-2026-21521

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network...

7.4CVSS0.00503EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 10:47 p.m.5 views

CVE-2026-21521

Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.4AI score0.00503EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.13 views

PT-2026-4308

Name of the Vulnerable Software and Affected Versions Copilot affected versions not specified Description An issue exists in Copilot where improper neutralization of escape, meta, or control sequences can allow an unauthorized attacker to disclose information over a network. The issue involves th...

7.4CVSS5.3AI score0.00503EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.10 views

Azure Linux 3.0 Security Update: util-linux (CVE-2024-28085)

The version of util-linux installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28085 advisory. - wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to...

3.3CVSS5.5AI score0.02242EPSS
Exploits3References2
OSV
OSV
added 2026/01/19 11:17 a.m.11 views

CLSA-2026-1768821437 pki-servlet-engine: Fix of 2 CVEs

CVE-2025-31651: fix improper neutralization of escape, meta, or control sequences - CVE-2025-55752: fix relative path traversal vulnerability...

9.8CVSS7.2AI score0.66535EPSS
Exploits5References1
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2026-1021)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.CVE-2025-463...

3.3CVSS5.6AI score0.00252EPSS
Exploits0References3
Rows per page
Query Builder