EUVD-2026-17907

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

DEBIAN-CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

libinput 代码注入漏洞

libinput is an open-source library from freedesktop. It provides a complete input stack for applications that need to handle input devices provided by the kernel. There is a code injection vulnerability in libinput. This vulnerability allows local attackers to place specially crafted Lua bytecode...

CVE-2018-25145 Microhard Systems IPn4G 1.1.0 Configuration Disclosure via Authenticated Download

Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/mcli/', and '/tmp' to access syst...

BIT-NGINX-AGENT-2024-7634 NGINX Agent Vulnerability

NGINX Agent's "configdirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory...

The vulnerability of the config_dirs function in the NGINX Agent demon and the NGINX Instance Manager automation platform allows a hacker to write or overwrite any files they desire.

The vulnerability of the configdirs function in the NGINX Agent demon and the NGINX Instance Manager platform relates to the ability to load arbitrary files beyond the expected directory path. Exploiting this vulnerability allows a malicious actor to write or rewrite arbitrary files remotely...

SUSE CVE-2024-7634

NGINX Agent's "configdirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory...

SUSE CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

DEBIAN-CVE-2019-12761

A code injection issue was discovered in PyXDG before 0.26 via crafted Python code in a Category element of a Menu XML document in a .menu file. XDGCONFIGDIRS must be set up to trigger xdg.Menu.parse parsing within the directory containing this file. This is due to a lack of sanitization in...

CVE-2006-0370

Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes...