Lucene search
K

1574 matches found

OSV
OSV
added 2026/06/03 6:2 p.m.9 views

GHSA-C27G-Q93R-2CWF launch-editor vulnerable to command injection via the crafted request on Windows

Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...

7.5CVSS6AI score0.00521EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/03 6:2 p.m.14 views

EUVD-2024-55605

launch-editor vulnerable to command injection via the crafted request on Windows...

7.5CVSS5.8AI score0.00521EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/06/03 6:2 p.m.6 views

org.webjars.npm:launch-editor-middleware (=2.2.1) potentially affected by CVE-2024-52011 via org.webjars.npm:launch-editor (=2.2.1)

org.webjars.npm:launch-editor MAVEN version =2.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:launch-editor and may be impacted: - org.webjars.npm:launch-editor-middleware =2.2.1 Source cves: CVE-2024-52011 Source advisory:...

8.3CVSS5.4AI score0.00521EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 6:2 p.m.20 views

Arbitrary Command Injection

Overview launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted filename as the...

8.8CVSS5.9AI score0.00521EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 6:2 p.m.34 views

Arbitrary Command Injection

Overview org.webjars.npm:launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted...

8.8CVSS5.9AI score0.00521EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/03 6:2 p.m.22 views

launch-editor vulnerable to command injection via the crafted request on Windows

Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...

8.3CVSS6AI score0.00521EPSS
Exploits0References5Affected Software2
SUSE CVE
SUSE CVE
added 2026/06/03 2:35 a.m.13 views

SUSE CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

7.5CVSS6AI score0.00521EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46090

Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...

7.5CVSS6AI score0.00521EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/02 12:31 a.m.18 views

EUVD-2026-33793

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00082EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.15 views

EUVD-2025-210011

In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00072EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/01 10:25 p.m.15 views

CVE-2024-52011

A flaw was found in launch-editor, a tool that allows users to open files with line numbers in an editor from Node.js. Due to insufficient sanitization of the file argument in the launchEditor function, an attacker can execute arbitrary commands on Windows systems by supplying a filename that...

8.3CVSS5.9AI score0.00521EPSS
Exploits0References5
NVD
NVD
added 2026/06/01 10:16 p.m.13 views

CVE-2026-0099

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS0.00071EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 10:16 p.m.15 views

CVE-2026-0077

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00082EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.30 views

CVE-2026-0077

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.9 views

CVE-2026-0077

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00082EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.36 views

CVE-2026-0077

CVE-2026-0077 is linked to Android’s ActivityRecord.java resumeConfigurationDispatch, where a logic error can trigger a background application launch (bal) and enable local privilege escalation without extra privileges or user interaction. Connected sources (NVD/Red Hat/NCSC EUVD, etc.) confirm t...

7.8CVSS5.9AI score0.00082EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.11 views

CVE-2026-0077

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00082EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 7:16 p.m.15 views

CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

8.3CVSS0.00521EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 5:17 p.m.11 views

CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

7.5CVSS6AI score0.00521EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 5:17 p.m.68 views

CVE-2024-52011

The CVE affects the launch-editor component used with Node.js in vite prior to version 2.9.0, where insufficient sanitization of the file argument in launchEditor allowed an attacker to execute arbitrary commands on Windows by supplying a filename with special characters. The issue is resolved in...

8.3CVSS6AI score0.00521EPSS
Exploits0References6
Rows per page
Query Builder