CVE-2026-43893

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

SUSE CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

CVE-2026-45190 Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

CVE-2026-45190

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the inp...

PT-2026-39538

Name of the Vulnerable Software and Affected Versions Net::CIDR::Lite versions prior to 0.24 Description Net::CIDR::Lite for Perl fails to properly validate IP address and CIDR mask inputs. Inputs containing non-ASCII digit characters or a trailing newline pass validation but are re-encoded by th...

CVE-2026-5463

Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

pymetasploit3 vulnerable to command injection in console.run_module_with_output()

Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

CVE-2026-30312

CVE-2026-30312 affects DSAI-Cline’s command auto-approval module. AOS command injection exists due to newline characters embedded in whitelisted input, bypassing the string-based validation and causing the PowerShell interpreter to treat the newline as a separator, which can lead to Remote Code E...

CVE-2026-30313

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

CVE-2026-30313

CVE-2026-30313 affects DSAI-Cline’s command auto-approval module. The vulnerability stems from a string-based whitelist that fails to account for raw newline characters in input, allowing an attacker to insert a newline between a whitelisted command and malicious code (for example, git log malici...

PT-2026-20983

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.6.8 Description A command injection issue exists in Deno's node:child process implementation. The issue allows for arbitrary command execution through crafted input provided to the spawnSync function when the shell...

Linux Distros Unpatched Vulnerability : CVE-2025-15366

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control...

EUVD-2025-206304

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

Linux Distros Unpatched Vulnerability : CVE-2019-10053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs in...

PT-2025-32447 · Pypi · Pyload-Ng

Summary A log injection vulnerability was identified in pyload in API /json/add package. This vulnerability allows user with add packages permission to inject arbitrary messages into the logs gathered by pyload. Details pyload will generate a log entry when creating new package using API /json/ad...

UBUNTU-CVE-2024-50343

symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a Validator configured with a regular expression using the $ metacharacters, with an input ending with \n. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the D...

rubygem-tzinfo: arbitrary code execution

A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...

rubygem-tzinfo: arbitrary code execution

A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within t...

SUSE CVE-2019-10053

An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow...