CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

CVE-2023-26107

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string...

CLSA-2025-1741215546 cups: Fix of CVE-2024-47175

CVE-2024-47175: fixed multiple PPD vulnerabilities by validating inputs, sanitizing strings, quoting localized data, and addressing warnings in cups/ppd-cache.c and scheduler/ipp.c...

HTTP Query String Injection

Description The application does not properly sanitize query string parameters in the cloudflare-kv-http,github and http drivers. In the case of the github and http drivers there is no immediate vulnerability, however a slight risk is presented. When a user controls a key within the...

NodeJS System Information Library Command Injection (CVE-2021-21315)

Binary data nodejscve-2021-21315.nbin...

USN-5348-3 smarty3 vulnerabilities

USN-5348-1 fixed several vulnerabilities in Smarty. This update provides the fixes for CVE-2021-21408, CVE-2021-26119, CVE-2021-26120 and CVE-2021-29454 for Ubuntu 20.04 ESM. Original advisory details: David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths prese...

USN-5348-1 smarty3 vulnerabilities

David Gnedt and Thomas Konrad discovered that Smarty was incorrectly sanitizing the paths present in the templates. An attacker could possibly use this use to read arbitrary files when controlling the executed template. CVE-2018-13982 It was discovered that Smarty was incorrectly sanitizing the...

Debian: Security Advisory (DLA-2421-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Command Injection in systeminformation

Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.26.2 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to is.services, is.inetChecksite, si.inetLatency,...

CVE-2019-1010174

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...

CVE-2019-1010174

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...

Command injection

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...

CVE-2019-1010174

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...

CVE-2019-1010174

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: loadnetwork function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed...

Fedora 22 : dovecot-2.2.16-2.fc22 (2015-7156)

fixes CVE-2015-3420: SSL/TLS handshake failures leading to a crash of the login process - dovecot updated to 2.2.16 - auth: Don't crash if master user login is attempted without any configured master=yes passdbs - Parsing UTF-8 text for mails could have caused broken results sometimes if bufferin...

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...