Lucene search
K

49 matches found

OSV
OSV
added 2026/07/06 12:0 a.m.2 views

OPENSUSE-SU-2026:11189-1 obs-service-appimage-0.12.4-1.1 on GA media

These are all security issues fixed in the obs-service-appimage-0.12.4-1.1 package on the GA media of openSUSE Tumbleweed...

10CVSS5.9AI score0.00375EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-54672

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:15 p.m.6 views

CVE-2026-54672

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/06/30 10:15 p.m.4 views

CVE-2026-54672 electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS6.2AI score0.00129EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 10:15 p.m.28 views

CVE-2026-54672 electron-updater: Uncontrolled search path elements within `AppImage` built by `app-builder-lib`

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:15 p.m.18 views

CVE-2026-54672

CVE-2026-54672 : The issue affects electron-updater with AppImage targets built by app-builder-lib prior to 26.15.0. At runtime, an empty path component in LD_LIBRARY_PATH can cause the current working directory to be added to the dynamic linker search path, potentially enabling an attacker to pl...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54018

Name of the Vulnerable Software and Affected Versions electron-updater versions prior to 26.15.0 Description AppImage targets built by app-builder-lib can use an empty path component when setting the LD LIBRARY PATH environment variable at runtime. This behavior causes the current working directo...

7.8CVSS6.1AI score0.00129EPSS
Exploits0References10
Rosalinux
Rosalinux
added 2026/06/01 8:37 a.m.30 views

Advisory ROSA-SA-2026-3297

CVE-ID: CVE-2024-41817 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The vulnerability in the AppImage version of ImageMagick relates to the use of an empty path during the installation of environment variables MAGICKCONFIGUREPATH and LDLIBRARYPATH. This allows attackers to execute arbitrary code by...

9.8CVSS6.5AI score0.04065EPSS
Exploits14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 8:52 a.m.13 views

Malicious code in twokey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...

5.9AI score
Exploits0References5
OSV
OSV
added 2026/05/24 8:52 a.m.10 views

MAL-2026-4697 Malicious code in twokey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...

5.9AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/28 8:16 a.m.6 views

CVE-2026-41525

KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...

6.5CVSS5.8AI score0.00127EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-17954

Malware in sbrugna...

6.5CVSS5.9AI score0.01919EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2020-17953

Malware in sbrugna...

6.5CVSS5.9AI score0.01919EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-25266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that...

5.5CVSS6.2AI score0.0034EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-25265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name=...

6.5CVSS6.6AI score0.01919EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/08/06 2:0 a.m.6 views

SUSE CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

7.8CVSS8.1AI score0.00926EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2024/07/31 8:19 a.m.94 views

CVE-2024-41817

A flaw was found in ImageMagick. The 'AppImage' version of ImageMagick, when executed with an empty path in the MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables, can load malicious configuration files or shared libraries in the current directory, resulting in arbitrary code execution...

7.3CVSS7AI score0.00926EPSS
Exploits2References4
OSV
OSV
added 2024/07/29 4:15 p.m.4 views

UBUNTU-CVE-2024-41817

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

7.8CVSS7.3AI score0.00926EPSS
Exploits2References5
Cvelist
Cvelist
added 2024/07/29 3:53 p.m.61 views

CVE-2024-41817 Arbitrary Code Execution in `AppImage` version `ImageMagick`

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

7CVSS0.00926EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2024/07/29 3:53 p.m.58 views

CVE-2024-41817 Arbitrary Code Execution in `AppImage` version `ImageMagick`

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...

7CVSS7.9AI score0.00926EPSS
Exploits2References3
Rows per page
Query Builder