158498 matches found
CVE-2026-30307
Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...
CVE-2026-30305
Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...
CVE-2026-30313
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
CVE-2026-30307
Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...
CVE-2026-30305
Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...
CVE-2026-30305
The CVE-2026-30305 issue affects Syntx’s command auto-approval module. The vulnerability arises from fragile regular expressions used to parse commands, which fail to handle Shell command substitution syntax (e.g., $(...) and backticks). An attacker can craft a command such as git log --grep="$(m...
CVE-2026-30307
Summary: CVE-2026-30307 affects Roo Code’s command auto-approval module. The vulnerability stems from parsing command structures with fragile regular expressions that do not account for Shell command substitution (e.g., $(...) and backticks). An attacker can craft a command like: git log --grep="...
CVE-2026-30307
Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...
CVE-2026-4946
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...
CVE-2026-4946 NSA Ghidra Auto-Analysis Annotation Command Execution
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...
CVE-2026-4946 NSA Ghidra Auto-Analysis Annotation Command Execution
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...
CVE-2026-4946
Ghidra up to version 12.0.2 is affected by a flaw where annotation directives embedded in automatically extracted binary data (notably the @execute directive parsed from auto-analysis comments like CFStrings in Mach‑O) are executed when an analyst clicks benign-looking UI text. This yields arbitr...
CVE-2026-4946
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...
PT-2026-28677
Name of the Vulnerable Software and Affected Versions Ghidra versions prior to 12.0.3 Description The software improperly processes annotation directives embedded in automatically extracted binary data, leading to arbitrary command execution when a user interacts with the user interface. The...
CVE-2026-33045
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...
Incorrect Authorization
Apache Artemis is vulnerable to Incorrect Authorization. The vulnerability is due to incorrect authorization, where an authenticated user with the 'createDurableQueue' permission but without the 'createAddress' permission can create a temporary address when attempting to create a non-durable JMS...
GHSA-48C2-RRV3-QJMP vulnerabilities
Vulnerabilities for packages: lerna, opensearch-dashboards, saf, tileserver-gl-fips, vitess, tileserver-gl, gemini-cli, redisinsight, langfuse-fips, argo-workflows, prism, langfuse, wazuh-dashboard, opentelemetry-auto-instrumentations-node, opensearch-dashboards-fips, kibana...
EUVD-2026-16775
Home Assistant has stored XSS in history-graphs...
Cross-site Scripting (XSS)
Overview home-assistant-frontend is a The Home Assistant frontend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the History-graph card in the history graph display component. An attacker can execute arbitrary JavaScript in a victim’s browser by supplying a...
CVE-2026-33045
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2025.02 and prior to version 2026.01 the "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable cross-site scripting, simila...