Lucene search
K

6 matches found

EUVD
EUVD
added 2026/04/22 6:31 p.m.7 views

EUVD-2026-25030

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/01/01 9:32 a.m.5 views

virtualenv: potential command injection via virtual environment activation scripts

A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection,leading to the loss of confidentiality,integrity and availability of the system...

8.4CVSS5.7AI score0.01557EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/12/16 8:11 a.m.3 views

virtualenv: potential command injection via virtual environment activation scripts

A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection,leading to the loss of confidentiality,integrity and availability of the system...

8.4CVSS5.7AI score0.01557EPSS
Exploits1References7
OSV
OSV
added 2021/02/27 5:15 a.m.3 views

UBUNTU-CVE-2021-3148

An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.genthin command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py...

9.8CVSS7.3AI score0.08246EPSS
Exploits0References5
Snyk
Snyk
added 2021/01/12 8:49 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. This happens because no HTML escaping is being performed when processing quotes. This applies even when the :escapehtml option was being used in combination with :quote. Details Cross-site scripting or XSS is a...

8.3CVSS5.4AI score0.0157EPSS
Exploits0References2
OSV
OSV
added 2021/01/11 7:15 p.m.1 views

DEBIAN-CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

5.4CVSS5.7AI score0.0157EPSS
Exploits0References1
Rows per page
Query Builder