Lucene search
K

714 matches found

Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38452

Name of the Vulnerable Software and Affected Versions parse-ini version 1.0.6 Description The npm package is subject to Prototype Pollution within the index.js function. Prototype Pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to altered applicati...

9.8CVSS5.8AI score0.00416EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.7 views

CVE-2025-63703

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js...

5.8AI score0.00416EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/05 8:21 p.m.7 views

CVE-2026-42238

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

9.8CVSS5.9AI score0.00764EPSS
Exploits1References1
NVD
NVD
added 2026/05/05 8:16 p.m.7 views

CVE-2026-34458

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS0.00251EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/05 7:24 p.m.29 views

CVE-2026-34458 Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS0.00251EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:24 p.m.4 views

CVE-2026-34458

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/05 7:24 p.m.10 views

EUVD-2026-27456

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References2
CVE
CVE
added 2026/05/05 7:24 p.m.19 views

CVE-2026-34458

Sandbo xie-Plus (Windows) vulnerability CVE-2026-34458 affects versions 1.17.2 and earlier. The root cause is an INI CRLF injection in Sandboxie.ini via MSGID_SBIE_INI_ADD_SETTING and MSGID_SBIE_INI_SET_SETTING, allowing a standard local user to bypass EditAdminOnly/ConfigPassword and inject a ne...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 7:24 p.m.10 views

CVE-2026-34458 Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.10 views

PT-2026-37225

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Sandboxie-Plus 注入漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier had an injection vulnerability. This vulnerability stems from an INI injection flaw that allows standard local users to bypass configuration restrictions and inject...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/04 8:13 p.m.69 views

CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

9CVSS0.00764EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/04 8:13 p.m.3 views

CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, nginx-ui exposes a backup restore endpoint POST /api/restore that is completely unauthenticated during the first 10 minutes after process startup on any fresh installation. An unauthenticated remote attacker can...

9CVSS5.9AI score0.00764EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 2:56 p.m.4 views

GHSA-MH6W-VXFF-9WQP PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.2AI score
Exploits0References5
Snyk
Snyk
added 2026/04/22 2:56 p.m.6 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter the configuration of child processes by injecting newline characters into PHP INI values that are forwarded to child processes. This...

8.5CVSS6.3AI score0.00191EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/22 2:56 p.m.7 views

PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.2AI score0.00343EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/18 12:59 a.m.4 views

GHSA-QRR6-MG7R-M243 PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.6AI score0.00191EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/18 12:59 a.m.5 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter configuration by injecting newline characters into PHP INI values that are forwarded to child processes. This is only exploitable if t...

8.5CVSS6.3AI score0.00191EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/18 12:59 a.m.14 views

PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.6AI score0.00191EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/17 7:58 p.m.15 views

CVE-2026-32624

CVE-2026-32624 affects xrdp (open source RDP server) up to version 0.10.5. A heap-based buffer overflow can occur in logon processing when domain_user_separator is configured in xrdp.ini, allowing an unauthenticated remote attacker to send a crafted, excessively long username and domain name to o...

6.5CVSS6AI score0.00408EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder