SUSE CVE-2026-45982
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch. Cover a missed execution path with a new check...
CVE-2026-41256
jq is a command-line JSON processor. In 1.8.1 and earlier, top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter file such as . followed by \x00 and arbitrary suffix compiles and executes as only the prefix before...
CVE-2026-34426
OpenClaw is affected in versions prior to commit b57b680, due to inconsistent environment variable normalization between approval and execution paths. This allows attackers to inject attacker-controlled environment variables into execution without proper approval validation, by exploiting differi...
CVE-2026-34426 OpenClaw - Approval Bypass via Environment Variable Normalization
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation...
CVE-2025-67906
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path...
EUVD-2025-203326
In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path...
PT-2025-51190
Name of the Vulnerable Software and Affected Versions: MISP versions prior to 2.5.28. Description: The software contains a flaw in the workflow execution path due to improper handling of user-supplied data. Specifically, the executionPath.ctp element within the application allows for Cross-Site...
PT-2026-2534
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: The Linux kernel contains a flaw within the drm/xe subsystem related to handling the num_syncs parameter in the exec and vm bind ioctl calls. Without proper bounds checking, a large num...
FACTION Security Vulnerability
Faction is an open source penetration testing report generation and assessment collaboration framework from Faction Security. A security vulnerability exists in FACTION versions prior to 1.7.1 that stems from an extension execution path that allows untrusted extension code to execute arbitrary system...
EUVD-2004-1388
Malware in sbrugna...
EUVD-2004-1260
Malware in sbrugna...
EUVD-2017-2354
Malware in sbrugna...
EUVD-2004-1026
Malware in sbrugna...
EUVD-2004-0157
Malware in sbrugna...
EUVD-2021-9929
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-19824
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter. CVE-2020-19824 Note that Nessus reli...
CVE-2025-38658
In the Linux kernel, the following vulnerability has been resolved: nvmet: pci-epf: Do not complete commands twice if nvmet_req_init fails. Have nvmet_req_init and req->execute complete failed commands. Description of the problem: nvmet_req_init calls nvmet_req_complete internally upon failure, e.g.,...
CVE-2025-34040
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing unauthenticated attackers to upload crafted JSP files outside of intended directorie...
CVE-2025-46783
CVE-2025-46783 affects RICOH Streamline NX V3 PC Client, versions 3.5.0–3.242.0. The issue is a path traversal flaw that could allow arbitrary code execution on the client by tampering with specific files used by the product. Connected sources corroborate the vulnerable range and the potential fo...