Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

CVE-2026-1665

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

CVE-2026-1665

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

CVE-2025-64325 Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...

PT-2025-47414

Name of the Vulnerable Software and Affected Versions Emby Server versions prior to 4.8.1.0 Emby Server versions prior to 4.9.0.0-beta Description Emby Server is a personal media server. A malicious user can send an authentication request with a manipulated X-Emby-Client value. This value is adde...

Medium: pcs

Issue Overview: Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline characters into the header, resulting in log injection. This...

Log Injection

Rack is vulnerable to log injection. The vulnerability is due to the Rack::Sendfile middleware logging unsanitized header values from the X-Sendfile-Type header, allowing an attacker to inject escape sequences into logs...

SUSE CVE-2007-6203

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting XSS style attacks using web client components that can send arbitrary...

PHP Nuke v.8.0 (referer) SQL Injection

PHP Nuke v.8.0 referer SQL Injection Author: Gerendi Sandor Attila Original advisory: http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html Date: May 14, 2009 Package: PHP-Nuke Product homepage: http://phpnuke.org/ Versions Affected: v.8.0 Other versions may also be affected...