CVE-2026-9255

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

CVE-2026-34426

OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation...

CVE-2018-25222

A flaw was found in SC. This stack-based buffer overflow vulnerability allows local attackers to execute arbitrary code. By providing input that exceeds the allocated memory buffer, an attacker can overwrite critical program data, leading to the execution of malicious code within the application'...

EUVD-2006-2696

Malware in sbrugna...

EUVD-2020-2132

Malware in sbrugna...

EUVD-2006-3390

Malware in sbrugna...

EUVD-2022-1255

Malicious code in bioql PyPI...

EUVD-2023-42820

Malicious code in bioql PyPI...

EUVD-2025-1685

Malicious code in bioql PyPI...

EUVD-2024-43184

Malicious code in bioql PyPI...

CVE-2024-43022

An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal...

CVE-2022-35603

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt...

CVE-2020-1212

An elevation of privilege vulnerability exists when an OLE Automation component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'OLE Automation Elevation of Privilege Vulnerability'...

CVE-2020-1365

An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. This CVE ID...

CVE-2020-1354

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. This CVE ID is unique...

CVE-2020-0934

An elevation of privilege vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from...

CVE-2020-0861

An information disclosure vulnerability exists when the Windows Network Driver Interface Specification NDIS improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification NDIS...

CVE-2020-1271

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'...

CVE-2006-7247

SQL injection vulnerability in the Weblinks comweblinks component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter...

USN-7361-1: Libxslt vulnerability

Ivan Fratric discovered that Libxslt incorrectly handled certain memory operations when handling documents. A remote attacker could use this issue to cause Libxslt to crash, resulting in a denial of service, or possibly execute arbitrary code...