1708 matches found

Github Security Blog
added 2026/03/11 7:53 p.m., 5 views

Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Summary: Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret[12] to expand into multiple filesystem matches instead of a single...

6.9 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 1, References: 6, Affected Software: 1

EUVD
added 2026/03/11 7:53 p.m., 6 views

EUVD-2026-11333

Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash...

6.9 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 1, References: 4

OSV
added 2026/03/11 7:53 p.m., 3 views

GHSA-9JFH-9XRQ-4VWM Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Summary: Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret[12] to expand into multiple filesystem matches instead of a single...

6.9 CVSS, 5.9 AI score, 0.00214 EPSS
Exploits: 1, References: 6

CVE
added 2026/03/11 7:50 p.m., 16 views

CVE-2026-32094

CVE-2026-32094 affects the JavaScript library Shescape. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax used by Bash, BusyBox sh, and Dash. If an application interpolates the returned value directly into a shell command, attacker-controlled input such as secret[12] c...

6.9 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/11 7:50 p.m., 3 views

CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 1, References: 2

Cvelist
added 2026/03/11 7:50 p.m., 31 views

CVE-2026-32094 Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.10, Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like...

6.9 CVSS, 0.00214 EPSS
Exploits: 1, References: 2

SUSE Linux
added 2026/03/11 5:6 p.m., 4 views

Security update for busybox

This update for busybox fixes the following issues: CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. CVE-2023-42365: use-after-free in the awk.c copyvar function bsc1217585...

8.8 CVSS, 6.2 AI score, 0.02793 EPSS
Exploits: 6, References: 32

OSV
added 2026/03/11 5:6 p.m., 4 views

SUSE-SU-2026:0872-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. - CVE-2023-42365: use-after-free in the awk.c copyvar function...

7.2 CVSS, 6.2 AI score, 0.02793 EPSS
Exploits: 6, References: 17

Positive Technologies
added 2026/03/11 12:0 a.m., 8 views

PT-2026-24813

Summary: Shescape#escape() does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret[12] to expand into multiple filesystem matches instead of a single...

6.9 CVSS, 5.9 AI score, 0.00214 EPSS
Exploits: 1, References: 11

RedhatCVE
added 2026/03/06 7:52 a.m., 3 views

CVE-2026-29126

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5 CVSS, 6 AI score, 0.00142 EPSS
Exploits: 1, References: 1

GithubExploit
added 2026/03/05 7:50 a.m., 130 views

Kernel-Exploitation

🏆 Ultimate Master Guide: Kernel Exploit Labs Welcome to the b...

6 AI score
Exploits: 0

Positive Technologies
added 2026/03/05 12:0 a.m., 12 views

PT-2026-23122

Name of the Vulnerable Software and Affected Versions IDC SFX2100 Satellite Receiver affected versions not specified Description A misconfiguration involving incorrect permission assignment of a world-writable file, specifically /etc/udhcpc/default.script, exists. This allows a local, unprivilege...

8.5 CVSS, 6 AI score, 0.00142 EPSS
Exploits: 1, References: 7

Tenable Nessus
added 2026/03/05 12:0 a.m., 6 views

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...

7 CVSS, 6.2 AI score, 0.00682 EPSS
Exploits: 2, References: 7

OpenVAS
added 2026/03/05 12:0 a.m., 4 views

SUSE: Security Advisory (SUSE-SU-2026:0758-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7 CVSS, 6 AI score, 0.00682 EPSS
Exploits: 2, References: 5

OpenVAS
added 2026/03/05 12:0 a.m., 5 views

openSUSE Security Advisory (SUSE-SU-2026:0758-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7 CVSS, 6 AI score, 0.00682 EPSS
Exploits: 2, References: 5

OSV
added 2026/03/03 12:16 p.m., 2 views

SUSE-SU-2026:0759-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...

7 CVSS, 6.3 AI score, 0.00682 EPSS
Exploits: 2, References: 5

SUSE Linux
added 2026/03/03 12:16 p.m., 4 views

Security update for busybox

This update for busybox fixes the following issues: CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167. Patch...

7.1 CVSS, 6.3 AI score, 0.00682 EPSS
Exploits: 2, References: 8

OSV
added 2026/03/03 12:16 p.m., 4 views

SUSE-SU-2026:0758-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...

7 CVSS, 6.3 AI score, 0.00682 EPSS
Exploits: 2, References: 5

Github Security Blog
added 2026/03/02 10:30 p.m., 9 views

OpenClaw's exec allow-always can be bypassed via unrecognized multiplexer shell wrappers (busybox/toybox sh -c)

Summary OpenClaw exec approvals could be bypassed in allowlist mode when allow-always was granted through unrecognized multiplexer shell wrappers notably busybox sh -c and toybox sh -c. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.22-2 - Latest published vulnerable...

7.1 CVSS, 6 AI score, 0.00333 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/03/02 10:30 p.m., 2 views

GHSA-GWQP-86Q6-W47G OpenClaw's exec allow-always can be bypassed via unrecognized multiplexer shell wrappers (busybox/toybox sh -c)

Summary OpenClaw exec approvals could be bypassed in allowlist mode when allow-always was granted through unrecognized multiplexer shell wrappers notably busybox sh -c and toybox sh -c. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.2.22-2 - Latest published vulnerable...

6.9 CVSS, 6 AI score, 0.00333 EPSS
Exploits: 0, References: 3