Lucene search
K

718 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-41570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test executi...

7.8CVSS6.6AI score0.00191EPSS
Exploits0References2
OSV
OSV
added 2026/05/08 3:16 p.m.5 views

DEBIAN-CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.6AI score0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 3:16 p.m.11 views

UBUNTU-CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.5AI score0.00191EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.11 views

CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS5.8AI score0.00191EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 2:33 p.m.66 views

CVE-2026-41570 PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 2:33 p.m.34 views

EUVD-2026-28649

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.6AI score0.00191EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:33 p.m.8 views

CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.6AI score0.00191EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/08 2:33 p.m.10 views

CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.5AI score0.00191EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/08 2:33 p.m.13 views

CVE-2026-41570 PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.5AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 2:33 p.m.35 views

CVE-2026-41570

PHPUnit versions 12.5.21 and 13.1.5 forward PHP INI settings to child processes as -d name=value without neutralizing metacharacters, allowing newline-based directive injection. This can lead to remote code execution via auto_prepend_file in the child process. Patches are available in PHPUnit 12....

7.8CVSS6.6AI score0.00191EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/07 6:30 p.m.5 views

GHSA-X72J-HV9F-QQH4 parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/07 6:30 p.m.12 views

EUVD-2025-209729

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

5.8AI score0.00416EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/07 6:30 p.m.7 views

artemproject2 (>=1.2.1 <=1.8.8) potentially affected by CVE-2025-63703 via parse-ini (=1.0.6)

parse-ini NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on parse-ini and may be impacted: - artemproject2 =1.2.1, =1.8.8 Source cves: CVE-2025-63703 Source advisory: OSV:GHSA-X72J-HV9F-QQH4...

9.8CVSS5.8AI score0.00416EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 6:30 p.m.7 views

artemproject2 (>=1.2.1 <=1.8.8) potentially affected by CVE-2025-63703 via parse-ini (=1.0.6)

parse-ini NPM version =1.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on parse-ini and may be impacted: - artemproject2 =1.2.1, =1.8.8 Source cves: CVE-2025-63703 Source advisory: SNYK:JS-PARSEINI-16787377...

9.8CVSS5.4AI score0.00416EPSS
Exploits0
Snyk
Snyk
added 2026/05/07 6:30 p.m.10 views

Prototype Pollution

Overview parse-ini is a Parse ini file to get the content and variables of the ini file as node object. Affected versions of this package are vulnerable to Prototype Pollution via the index.js file. An attacker can manipulate object properties and potentially execute arbitrary code or alter...

9.8CVSS6.5AI score0.00416EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/07 6:30 p.m.9 views

NPM: parse-ini is vulnerable to Prototype Pollution in index.js()

NPM: parse-ini is vulnerable to Prototype Pollution in index.js vulnerability discovered by ? in WordPress Npm parse-ini versions 1.0.6...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 6:30 p.m.13 views

parse-ini is vulnerable to Prototype Pollution in index.js()

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/07 4:16 p.m.19 views

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

9.8CVSS0.00416EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 12:0 a.m.18 views

CVE-2025-63703

CVE-2025-63703 affects the npm package parse-ini v1.0.6 and is a Prototype Pollution vulnerability in index.js(). The accompanying metrics indicate a CRITICAL impact (CVSS 3.1: 9.8) with NETWORK attack vector, no privileges required, no user interaction, and high impact on confidentiality, integr...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38452

Name of the Vulnerable Software and Affected Versions parse-ini version 1.0.6 Description The npm package is subject to Prototype Pollution within the index.js function. Prototype Pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to altered applicati...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References4
Rows per page
Query Builder