Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

195 matches found

RedhatCVE
RedhatCVEadded 2026/05/19 7:57 p.m.4 views

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

7.5CVSS5.9AI score0.00054EPSS
Exploits1References1
NVD
NVDadded 2026/05/18 6:17 p.m.8 views

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

7.5CVSS0.00054EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/05/18 12:0 a.m.34 views

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

0.00054EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/05/18 12:0 a.m.6 views

HSC MailInspector 安全漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains security vulnerabilities. These vulnerabilities stem from improper control of file paths provided to users. When the...

7.5CVSS5.8AI score0.00054EPSS
Exploits1References2
EUVD
EUVDadded 2026/05/18 12:0 a.m.4 views

EUVD-2026-30781

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

5.9AI score0.00054EPSS
Exploits1References3
CVE
CVEadded 2026/05/18 12:0 a.m.4 views

CVE-2026-29962

The CVE-2026-29962 issue affects HSC MailInspector v5.3.3-7 and is an LFI vulnerability caused by improper validation of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes parameters that directly influence file access, enabling path traversal to read arbitrary files fro...

7.5CVSS5.9AI score0.00054EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/18 12:0 a.m.2 views

CVE-2026-29962

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

5.9AI score0.00054EPSS
Exploits1References4
Positive Technologies
Positive Technologiesadded 2026/05/18 12:0 a.m.7 views

PT-2026-41705

HSC MailInspector v5.3.3-7 contains a Local File Inclusion LFI vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controlled parameters that directly affect file access operations without adequate validation, sanitization,...

5.9AI score0.00054EPSS
Exploits1References4
Tenable Nessus
Tenable Nessusadded 2026/05/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41570

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test executi...

7.8CVSS6.6AI score0.00075EPSS
Exploits0References2
NVD
NVDadded 2026/05/08 3:16 p.m.3 views

CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS0.00075EPSS
Exploits0References2
OSV
OSVadded 2026/05/08 3:16 p.m.3 views

DEBIAN-CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.6AI score0.00075EPSS
Exploits0References1
OSV
OSVadded 2026/05/08 3:16 p.m.2 views

UBUNTU-CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.5AI score0.00075EPSS
Exploits0References4
CVE
CVEadded 2026/05/08 2:33 p.m.8 views

CVE-2026-41570

PHPUnit versions 12.5.21 and 13.1.5 forward PHP INI settings to child processes as -d name=value without neutralizing metacharacters, allowing newline-based directive injection. This can lead to remote code execution via auto_prepend_file in the child process. Patches are available in PHPUnit 12....

7.8CVSS6.6AI score0.00075EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVEadded 2026/05/08 2:33 p.m.4 views

CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.5AI score0.00075EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/08 2:33 p.m.24 views

CVE-2026-41570 PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS0.00075EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/05/08 12:0 a.m.3 views

PHPUnit 参数注入漏洞

PHPUnit is a PHP unit testing framework developed by Sebastian Bergmann. Versions 12.5.21 and 13.1.5 of PHPUnit contain parameter injection vulnerabilities. These vulnerabilities arise from failing to neutralize INI meta-characters when forwarding PHP INI settings to child processes, which may le...

7.8CVSS6.2AI score0.00075EPSS
Exploits0References1
Snyk
Snykadded 2026/04/22 2:56 p.m.2 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter the configuration of child processes by injecting newline characters into PHP INI values that are forwarded to child processes. This...

8.5CVSS6.3AI score0.00075EPSS
Exploits0References3
OSV
OSVadded 2026/04/22 2:56 p.m.0 views

GHSA-MH6W-VXFF-9WQP PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.2AI score
Exploits0References5
Github Security Blog
Github Security Blogadded 2026/04/22 2:56 p.m.4 views

PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.2AI score0.00236EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blogadded 2026/04/18 12:59 a.m.3 views

PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.6AI score0.00075EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder