1576 matches found
CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...
CVE-2024-52011
The CVE affects the launch-editor component used with Node.js in vite prior to version 2.9.0, where insufficient sanitization of the file argument in launchEditor allowed an attacker to execute arbitrary commands on Windows by supplying a filename with special characters. The issue is resolved in...
CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows
launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...
CVE-2026-53632
creationtimestamp| type| source ---|---|--- 2026-06-01 13:32:41+00:00| published-proof-of-concept| https://github.com/vitejs/launch-editor/security/advisories/GHSA-v6wh-96g9-6wx3...
MAL-2026-5162 Malicious code in nrwl.angular-console (VSCode:https://open-vsx.org)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
MAL-2026-5161 Malicious code in nrwl.angular-console (VSCode)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
Malicious code in nrwl.angular-console (VSCode)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...
Google Android 安全漏洞
Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the getCallingPackageName function in Shared.java code. This function contains obfuscation, potentially allowing bypass of activity laun...
launch-editor 命令注入漏洞
Launch-editor is a Vite open-source tool that allows opening an editor from Node.js and navigating to a specified row and column. Versions of Launch-editor prior to 2.9.0 had a command injection vulnerability. This vulnerability stemmed from insufficient cleanup of the file parameter, which could...
PT-2026-45495
Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.9.0 vite versions prior to 5.4.9 Description Insufficient sanitization of the file argument in the launchEditor function allows an attacker to execute arbitrary commands on Windows systems by providing a...
ASB-A-467082881
In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-49237 Local Privilege Escalation in Canonical Multipass
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...
EUVD-2026-32900
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...
CVE-2026-49237
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...
MAL-2026-4345 Malicious code in eo-terminal (npm)
Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...
MAL-2026-4572 Malicious code in get-package-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...
Malicious code in get-package-lint (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...
Malicious code in http-uploader-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...
MAL-2026-4580 Malicious code in http-uploader-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...
Astra Linux – Vulnerability in virglrenderer
A NULL pointer dereferencing in the vrendrenderer.c file of virglrenderer during versions 0.8.1 allows attackers to cause a denial of service by using commands that attempt to launch a grid without first providing a Compute Shader CS...