
119 matches found

RedhatCVE
added 2026/06/24 1:56 a.m. | 7 views

CVE-2026-0864

A flaw was found in the Python configparser module. When writing configuration files, an attacker who controls the input value can inject unexpected keys and values. This occurs if the input contains multi-line text with carriage return characters, leading to potential configuration manipulation...

CVSS 5.5 | AI score 5.7 | EPSS 0.00128 | Exploits 0 | References 7
OSV
added 2026/06/23 6:17 p.m. | 2 views

DEBIAN-CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVSS 4.1 | AI score 5.8 | EPSS 0.00128 | Exploits 0 | References 1
NVD
added 2026/06/23 6:17 p.m. | 6 views

CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVSS 4.1 | EPSS 0.00128 | Exploits 0 | References 7
EUVD
added 2026/06/23 5:42 p.m. | 5 views

EUVD-2026-38554

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVSS 4.1 | AI score 5.8 | EPSS 0.00128 | Exploits 0 | References 4
Vulnrichment
added 2026/06/23 5:42 p.m. | 5 views

CVE-2026-0864 Configuration Injection via Carriage Return (\r) in write() method

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVSS 4.1 | AI score 5.8 | EPSS 0.00128 | Exploits 0 | References 7
OSV
added 2026/06/23 5:42 p.m. | 5 views

PSF-2026-29

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVSS 4.1 | AI score 5.8 | EPSS 0.00128 | Exploits 0 | References 7
CVE
added 2026/06/23 5:42 p.m. | 27 views

CVE-2026-0864

The CVE-2026-0864 entry concerns Python’s configparser.write() and how it handles multi-line text values containing carriage return characters. The vulnerability arises when attacker-controlled values are written, potentially allowing injection of unexpected keys and values into the resulting con...

CVSS 4.1 | AI score 5.8 | EPSS 0.00128 | Exploits 0 | References 7
Positive Technologies
added 2026/06/23 12:00 a.m. | 7 views

PT-2026-51575

Name of the Vulnerable Software and Affected Versions: Python (affected versions not specified). Description: When using the configparser module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys a...

CVSS 4.1 | AI score 5.7 | EPSS 0.00128 | Exploits 0 | References 14
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur when facts used in the template do not include special template characters, especially if the user attempts to embed templates within multi-line YAML strings. This flaw allows...

CVSS 7.1 | AI score 6.9 | EPSS 0.00854 | Exploits 0 | References 2
ATTACKERKB
added 2026/05/27 5:24 p.m. | 10 views

CVE-2026-44345

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious...

CVSS 8.8 | AI score 5.9 | EPSS 0.00317 | Exploits 1 | References 2 | Affected Software 1
Github Security Blog
added 2026/05/11 2:27 p.m. | 11 views

BentoML Dockerfile command injection via docker.base_image (sister of pending GHSA-w2pm-x38x-jp44 / CVE-2026-33744 / CVE-2026-35043)

The same Dockerfile template that mishandles envs.name (pending GHSA-w2pm-x38x-jp44) also interpolates docker.base_image raw with no escaping, newline filtering, or validation. A malicious bento.yaml with a multi-line docker.base_image value smuggles arbitrary Dockerfile directives into the generated...

CVSS 8.8 | AI score 6 | EPSS 0.00317 | Exploits 1 | References 5 | Affected Software 1
Positive Technologies
added 2026/05/11 12:00 a.m. | 15 views

PT-2026-39663

Name of the Vulnerable Software and Affected Versions: BentoML versions prior to 1.4.39. Description: BentoML is a Python library used for building online serving systems optimized for AI applications and model inference. The issue occurs because the template src/bentoml/...

CVSS 8.8 | AI score 5.9 | EPSS 0.00317 | Exploits 1 | References 7
Tenable Nessus
added 2026/05/11 12:00 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ansible (UTSA-2026-017461)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017461 advisory. A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is...

CVSS 7.1 | AI score 6.9 | EPSS 0.00854 | Exploits 0 | References 4
OSV
added 2026/05/07 3:46 a.m. | 3 views

GHSA-C67R-GC9J-2QF7 Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header

Summary Bandit is vulnerable to CL.CL HTTP request smuggling: it silently accepts requests with two Content-Length headers whose values differ, takes the first value, and dispatches the body bytes as a second pipelined request on the same keep-alive connection. RFC 9110 §5.3 prohibits multiple...

CVSS 6.3 | AI score 5.9 | EPSS 0.00518 | Exploits 0 | References 6
OSV
added 2026/04/08 4:01 p.m. | 6 views

JLSEC-2026-61

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

CVSS 8.8 | AI score 6.9 | EPSS 0.04271 | Exploits 0 | References 18
CNNVD
added 2026/03/24 12:00 a.m. | 7 views

Zabbix Security Vulnerability

Zabbix is an open-source monitoring system developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities, which stem from improper regular expression validation in multi-line modes. This could...

CVSS 7.7 | AI score 5.8 | EPSS 0.00248 | Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2003-0201

Malware in sbrugna...

CVSS 5 | AI score 6.1 | EPSS 0.01291 | Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2011-1717

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.02445 | Exploits 0 | References 11
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-0514

Malware in sbrugna...

CVSS 8.8 | AI score 7.3 | EPSS 0.03219 | Exploits 0 | References 20
Tenable Nessus
added 2025/10/07 12:00 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xz (UTSA-2025-986157)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986157 advisory. An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file nam...

CVSS 8.8 | AI score 6.9 | EPSS 0.04271 | Exploits 0 | References 4