CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/27 11:16 a.m.•7 views

CVE-2026-42739

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IniLerm Advanced IP Blocker advanced-ip-blocker allows DOM-Based XSS.This issue affects Advanced IP Blocker: from n/a through = 8.10.7...

7.1CVSS0.00036EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mlxsw: corelinecards: Fixed double memory deallocation in case of an invalid INI file. In the case of an invalid INI file, mlxswlinecardtypesinit deallocates memory, but does not reset the pointer to NULL and returns 0. If any...

7.8CVSS5.9AI score0.00016EPSS

Vulnrichment•added 2026/05/11 3:44 p.m.•10 views

CVE-2026-42845 Grav: Anonymous Page Content Overwrite via Form File Upload filename Override

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

8.7CVSS5.8AI score0.00018EPSS

OSV•added 2026/05/10 6:16 a.m.•4 views

UBUNTU-CVE-2026-6104

In PHP versions 8.4. before 8.4.21 and 8.5. before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mbconvertencoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

9.1CVSS5.9AI score0.00026EPSS

Exploits0References4

SUSE CVE•added 2026/05/09 2:43 a.m.•4 views

SUSE CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

RedhatCVE•added 2026/05/09 2:21 a.m.•4 views

Exploits0References3

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8CVSS5.8AI score0.00021EPSS

Tenable Nessus•added 2026/05/09 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test executi...

OSV•added 2026/05/08 3:16 p.m.•3 views

DEBIAN-CVE-2026-41570

UbuntuCve•added 2026/05/08 3:16 p.m.•4 views

CVE-2026-41570

7.8CVSS5.8AI score0.00075EPSS

Exploits0References3

OSV•added 2026/05/08 3:16 p.m.•3 views

UBUNTU-CVE-2026-41570

ATTACKERKB•added 2026/05/08 2:33 p.m.•5 views

Exploits0References4

CVE-2026-41570

Debian CVE•added 2026/05/08 2:33 p.m.•5 views

Exploits0References3

CVE-2026-41570

CVE•added 2026/05/08 2:33 p.m.•12 views

Exploits0

CVE-2026-41570

PHPUnit versions 12.5.21 and 13.1.5 forward PHP INI settings to child processes as -d name=value without neutralizing metacharacters, allowing newline-based directive injection. This can lead to remote code execution via auto_prepend_file in the child process. Patches are available in PHPUnit 12....

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/08 2:33 p.m.•6 views

CVE-2026-41570 PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

Cvelist•added 2026/05/08 2:33 p.m.•26 views

CVE-2026-41570 PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

7.8CVSS0.00075EPSS

EUVD•added 2026/05/08 2:33 p.m.•5 views

EUVD-2026-28649

vulnersOsv•added 2026/05/07 6:30 p.m.•3 views

artemproject2 (>=1.2.1 <=1.8.8) potentially affected by CVE-2025-63703 via parse-ini (=1.0.6)

parse-ini NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on parse-ini and may be impacted: - artemproject2 =1.2.1, =1.8.8 Source cves: CVE-2025-63703 Source advisory: OSV:GHSA-X72J-HV9F-QQH4...

9.8CVSS5.8AI score0.00021EPSS

Exploits0

Github Security Blog•added 2026/05/07 6:30 p.m.•6 views

parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8CVSS5.8AI score0.00021EPSS

Exploits0References4Affected Software1

Snyk•added 2026/05/07 6:30 p.m.•5 views

Prototype Pollution

Overview parse-ini is a Parse ini file to get the content and variables of the ini file as node object. Affected versions of this package are vulnerable to Prototype Pollution via the index.js file. An attacker can manipulate object properties and potentially execute arbitrary code or alter...

9.8CVSS6.5AI score0.00021EPSS