54654 matches found
SUSE-SU-2026:0982-1 Security update for util-linux
This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' bsc1258859...
cpython: email header injection due to unquoted newlines
A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...
cpython: IMAP command injection in user-controlled commands
A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...
USN-8095-4: Linux kernel (AWS) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
CVE-2026-32968
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...
CVE-2026-32968
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...
CVE-2026-32968 Unauthenticated RCE in com_mb24sysapi
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the commb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...
cpython: POP3 command injection in user-controlled commands
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...
cpython: email header injection due to unquoted newlines
A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...
cpython: POP3 command injection in user-controlled commands
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...
cpython: POP3 command injection in user-controlled commands
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...
grub2: Missing unregister call for gettext command may lead to use-after-free
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...
cpython: email header injection due to unquoted newlines
A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...
cpython: email header injection due to unquoted newlines
A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...
cpython: POP3 command injection in user-controlled commands
A flaw was found in the poplib module in the Python standard library. The poplib module does not reject control characters, such as newlines, in user-controlled input passed to POP3 commands. This issue allows an attacker to inject additional commands to be executed in the POP3 server...
PT-2026-27108
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383...
📄 AVideo Command Injection
The Metasploit exploit module targets a command injection vulnerability in AVideo. This module exploits a base64-encoded command injection flaw in AVideo Encoder's image processing endpoint, turning a simple URL parameter into remote code execution with multiple payload strategies. Versions prior...
PT-2026-27247
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account id leads to sql injection. Remote exploitation of...
itsourcecode Free Hotel Reservation System SQL注入漏洞
itsourcecode Free Hotel Reservation System is an open-source hotel reservation system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter accountid in the file /hotel/admin/modusers/index.php,...
ROS-20260323-73-0029
A vulnerability in the ksmbd module of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...