Astra Linux – Vulnerability in Ruby 2.5

REXML is an XML toolkit for Ruby. The REXML gem version 3.3.2 has a DoS vulnerability when it parses an XML document that contains many entity expansions using SAX2 or the pull parser API. The REXML gem versions 3.3.3 and later include a patch to fix this vulnerability...

CVE-2026-33750

A flaw was found in the brace-expansion library, a component used for generating strings based on patterns. A remote attacker could exploit this vulnerability by providing a specially crafted brace pattern that includes a zero step value. This malicious input causes the library's sequence...

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

Command Injection

Overview @github/copilot is a GitHub Copilot CLI brings the power of Copilot coding agent directly to your terminal. Affected versions of this package are vulnerable to Command Injection via crafted bash parameter expansion patterns in the shell command assessment process. An attacker can execute...

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

CVE-2026-29783

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

CVE-2026-29783

The CVE concerns GitHub Copilot CLI shell tool pre-0.0.423. Affected: Copilot CLI versions up to and including 0.0.422. Issue: the shell safety assessment misclassifies certain bash parameter expansion patterns as read-only, allowing arbitrary code execution when an attacker can influence the com...

CVE-2026-29783 GitHub Copilot CLI allows for dangerous shell expansion patterns that enable arbitrary command execution

The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent e.g., via prompt injection through repository files, MCP server...

PT-2026-23732

Name of the Vulnerable Software and Affected Versions GitHub Copilot CLI versions prior to 0.0.423 Description The shell tool within GitHub Copilot CLI is susceptible to arbitrary code execution through crafted bash parameter expansion patterns. An attacker influencing commands executed by the...

Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-41946)

The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41946 advisory. - REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses a...

Engel P-Adic Isogeny-Based Cryptography over Laurent Series: Foundations, Security, and an ESP32 Implementation

Securing the Internet of Things IoT against quantum attacks requires public-key cryptography that i remains compact and ii runs efficiently on microcontrollers, capabilities many post-quantum PQ schemes lack due to large keys and heavy arithmetic. We address both constraints simultaneously with, ...

EUVD-2006-6152

Malware in sbrugna...

GHSA-VXMW-7H4F-HQXH PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps

Summary gh-action-pypi-publish makes use of GitHub Actions expression expansions i.e. $ ... in contexts that are potentially attacker controllable. Depending on the trigger used to invoke gh-action-pypi-publish, this may allow an attacker to execute arbitrary code within the context of a workflow...

CVE-2025-0617

An attacker with access to an HX 10.0.0 and previous versions, may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions in the consumer process thus causing a Denial of Service...

CLSA-2025-1746653856 ruby: Fix of 2 CVEs

upgrade rexml version to 3.3.3 - CVE-2024-41946: fix DoS vulnerability when parsing many entity expansions with SAX2 or pull parser API - CVE-2024-41123: fix DoS vulnerability when parsing XML with specific characters...

rexml: DoS vulnerability in REXML

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...

rexml: DoS vulnerability in REXML

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...

PT-2025-3984 · Hx · Hx

Name of the Vulnerable Software and Affected Versions: HX versions 10.0.0 and earlier Description: An attacker with access to the vulnerable software may send specially-crafted data to the HX console. The malicious detection would then trigger file parsing containing exponential entity expansions...

rexml: DoS vulnerability in REXML

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...

rexml: DoS vulnerability in REXML

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...