Lucene search
K

1292 matches found

Nuclei
Nuclei
added yesterday15 views

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS6.5AI score0.03559EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-53878

A flaw was found in Django. django.core.validators.DomainNameValidator accepted newline characters in domain name input. When applications use this validator outside Django form fields and include the validated value in HTTP response headers, a remote attacker could perform HTTP header injection...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-50188 Kirby: Request header injection in `Http\Remote`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...

6.9CVSS0.0029EPSS
Exploits0References5
CVE
CVE
added 5 days ago12 views

CVE-2026-56288

CVE-2026-56288 affects GNU patch. A NULL pointer dereference can occur while processing specially crafted unified-diff patch files due to improper handling of consecutive end-of-file newline markers, leading to a crash and denial of service. The issue is mitigated by the fixed patch in commit e6d...

5.5CVSS5.9AI score0.00125EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-14740

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...

6AI score0.00407EPSS
Exploits0References4
Snyk
Snyk
added last week7 views

Improper Neutralization

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Neutralization via the DomainNameValidator process. An attacker can inject arbitrary HTTP headers by submitting input...

6.1CVSS6AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added last week8 views

EUVD-2026-42045

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

6.1CVSS5.8AI score0.00217EPSS
Exploits0References3
Debian CVE
Debian CVE
added last week5 views

CVE-2026-53878

An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form field, since CharField strips newlines. If an application uses values with newlines in an HTTP response, header injection can occur. Djan...

6.1CVSS5.8AI score0.00217EPSS
Exploits0
Cvelist
Cvelist
added last week34 views

CVE-2026-34152 Coolify: Command Injection via Newline in Pre/Post Deployment Commands (Heredoc Transport)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...

8.8CVSS0.00372EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.7 and 5.2 before 5.2.16. DomainNameValidator does not prohibit newlines in domain names unless used via a form...

6.1CVSS6.1AI score0.00217EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/06 7:54 p.m.7 views

EUVD-2026-24973

cut: -s only-delimited ignored when delimiter is a newline...

3.3CVSS6AI score0.00135EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-500 pymetasploit3 vulnerable to command injection in console.run_module_with_output()

Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

9.3CVSS6.1AI score0.01923EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

The imaplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...

5.9CVSS6.8AI score0.0036EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Python 3.11

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL’s media type...

6CVSS7.1AI score0.0048EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 12:31 p.m.9 views

EUVD-2026-38229

MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can include attacker-controlled content, an authenticated attacker with site administrator privileges could direct log output to a PHP file in a...

8.7CVSS6.6AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51292

Name of the Vulnerable Software and Affected Versions Net::Statsite::Client versions prior to 1.1.1 Description Net::Statsite::Client, a client for the statsite protocol a variant of statsd, allows metric injections. This occurs because newlines are not removed from metric names, and values are n...

9.1CVSS5.9AI score0.00352EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/18 7:43 p.m.8 views

CVE-2026-53437

A flaw was found in Jenkins. This vulnerability allows a remote attacker to perform phishing attacks by crafting a malicious redirect URL. The flaw occurs because Jenkins improperly validates redirect URLs after login, specifically when tab or newline characters are present between the // in the...

7.4CVSS5AI score0.00364EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 11:17 p.m.13 views

CVE-2026-44644

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the striphtml filter logic. The striphtml filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

6.1CVSS0.00203EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 9:50 p.m.16 views

CVE-2026-44644 LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the striphtml filter logic. The striphtml filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

6.1CVSS0.00203EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 9:50 p.m.37 views

CVE-2026-44644

CVE-2026-44644 affects liquidjs versions 10.25.7 and earlier. The strip_html filter uses a regex where the catch‑all branch () does not match line terminators, allowing a newline inside a tag (e.g., ) to bypass sanitization. If applications render attacker-controlled input via {{ x | strip_html }...

6.1CVSS5.3AI score0.00203EPSS
Exploits0References3
Rows per page
Query Builder