1769 matches found
CVE-2026-5090 Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected
Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`
Diesel allows users to configure various options for PostgreSQL's COPY FROM and COPY TO statements. These configurations are partially provided as strings or characters. Diesel did not check if any these user-provided options contain a quote character ', which can lead to the injection of...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...
go-git: Improper single-quote escaping in go-git SSH transport
Impact go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. This diverges from canonical Git, which shell-quotes the path through sqquotebuf so that an embedded ' becomes the '''...
Template 跨站脚本漏洞
Template is a quick and simple string templating tool developed by Blake Embrey. Versions of Template 3.102 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the htmlfilter function not escaping single quotes, which could lead to HTML and JavaScript injection...
Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3`
Summary SQL injection in Postgrex.Notifications.listen/3: the channel argument is interpolated straight into LISTEN "..." / UNLISTEN "..." without escaping the " character. Any caller that lets a user influence the channel name e.g. a pub/sub bridge that uses a tenant id or topic slug as the...
GHSA-W42G-JJ8W-FJ77 Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9525-27vj-c8r8. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl that allows authenticat...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the websiteUrl field, which is interpolated into an HTML attribute without proper encoding of quote characters. An attacker can execute arbitrary JavaScript in the context of users visiting the catalogue UI b...
HRConvert2 操作系统命令注入漏洞
HRConvert2 is a self-hosted, drag-and-drop file conversion and sharing tool developed by Justin Grimes. Versions of HRConvert2 prior to 3.3.8 had an operating system command injection vulnerability. This vulnerability stemmed from the sanitizeString function not filtering escaped quotes and tabs,...
CVE-2026-44665
fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
NPM: claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh vulnerability discovered by ? in WordPress Npm claude-code-cache-fix versions = 3.5.0, 3.5.2...
CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes
fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...
CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes
fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...
CVE-2026-44665
Summary of CVE-2026-44665 details (from provided sources): The vulnerability affects the fast-xml-builder library, where input data containing quotes in attribute values, if the processEntities flag is not enabled, can cause an attribute value to be split into multiple attributes. This enables an...
Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`
Summary Kysely 0.28.12 added a sanitizeStringLiteral call inside DefaultQueryCompiler.visitJSONPathLeg commit 0a602bf, PR 1727 to fix CVE-2026-32763 GHSA-wmrf-hv6w-mr66. The fix only doubles single quotes ' → ''; it does not escape JSON-path metacharacters ., , , , , ?. When attacker-controlled...
GHSA-Q8W6-W55C-CCV5 Keylime has a hardcoded attestation challenge nonce that allows replay attacks
CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks Impact The CertificationParameters.generatechallenge method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay...
Keylime has a hardcoded attestation challenge nonce that allows replay attacks
CVE-2026-6420: Hardcoded attestation challenge nonce allows replay attacks Impact The CertificationParameters.generatechallenge method in the push attestation protocol uses a hardcoded challenge nonce instead of generating a cryptographically random value. This removes the nonce-based replay...
PT-2026-39898
Name of the Vulnerable Software and Affected Versions Kysely versions prior to 0.28.16 Description Improper input handling in the JSON-path compiler allows attackers to access sensitive JSON data. The software fails to escape JSON-path metacharacters such as ., , , , , and ?, only doubling single...
UBUNTU-CVE-2025-14179
In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...