8074 matches found
[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43
UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...
CVE-2026-5801
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...
CVE-2026-5801
SEM-PMP (Semtek Informatics Software Consulting Trade Ltd. Co.) is affected by CVE-2026-5801 due to improper neutralization of special elements in SQL commands, enabling SQL injection that can lead to Command Line Execution. The vulnerability is rated CVSS v3.1 base score 9.8 (CRITICAL) with netw...
EUVD-2026-42972
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...
CVE-2026-5801 SQLi in Semtek Informatics' SEM-PMP
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection. This issue affects SEM-PMP: through 23042026...
CVE-2026-53449 Coturn: Arbitrary File Write via CLI psd Command
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...
CVE-2026-54000
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
EUVD-2026-42919
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
CVE-2026-0286
A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...
Important: Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency 1.0.2
The GA release of the RHTAS Model Transparency CLI image. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads...
CVE-2026-33390
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
CVE-2026-47828
During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...
EUVD-2026-42515
Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the locally-spawned ssh process when an operator runs bosh ssh -c, bosh logs -f, or other non-interactive SSH paths, leading to local command execution on the operator's workstation. Affecte...
EUVD-2026-42514
During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered job templates to the new VM's DAV blobstore over HTTPS without verifying the server certificate, even though a CA certificate for that endpoint is available in the installation manifest. A network...
CVE-2026-47828
The CVE affects bosh-cli versions prior to 7.10.4. During bosh create-env/delete-env, the CLI uploads CPI packages and rendered job templates to the VM’s DAV blobstore over HTTPS without verifying the server certificate, despite a CA certificate being present in the manifest. This enables a netwo...
CVE-2026-47826
CVE-2026-47826 is a directory traversal vulnerability in the BOSH CLI (blobs.yaml path). Affected are BOSH CLI versions before v7.10.4; exploitation can allow an attacker to write arbitrary files and exfiltrate sensitive data via crafted input in blobs.yaml. Connected advisories from Snyk describ...
CVE-2026-41857
CVE-2026-41857 affects BOSH CLI prior to 7.10.5. A compromised (malicious) BOSH Director can cause arbitrary shell commands to run on the operator’s workstation when using bosh ssh, bosh scp, or bosh logs -f with default flags. Impact is high (confidentiality, integrity, availability). Mitigation...
[SECURITY] Fedora 44 Update: upower-1.91.3-1.fc44
UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...
MAL-2026-7021 Malicious code in @vite-js/ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 476576198de86a58304788ac79ac3c8ca21b5029d9e824e3ffab41f539146c3b Package @vite-js/ui impersonates the official vite package: package.json declares author 'Evan You', homepage 'https://vitejs.dev', ships an unmodifi...
Important: Red Hat Security Advisory: RHTAS 1.4.2 - CLI Stack Release
The 1.4.2 release of the RHTAS CLIs. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.4 The RHTAS CLI Stack images for RHTAS 1.4.2...