Lucene search
K

1576 matches found

Vulnrichment
Vulnrichment
added 2026/06/01 5:17 p.m.11 views

CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

7.5CVSS6AI score0.00521EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 5:17 p.m.69 views

CVE-2024-52011

The CVE affects the launch-editor component used with Node.js in vite prior to version 2.9.0, where insufficient sanitization of the file argument in launchEditor allowed an attacker to execute arbitrary commands on Windows by supplying a filename with special characters. The issue is resolved in...

8.3CVSS6AI score0.00521EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/01 5:17 p.m.32 views

CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

7.5CVSS0.00521EPSS
Exploits0References2
Circl
Circl
added 2026/06/01 1:32 p.m.8 views

CVE-2026-53632

creationtimestamp| type| source ---|---|--- 2026-06-01 13:32:41+00:00| published-proof-of-concept| https://github.com/vitejs/launch-editor/security/advisories/GHSA-v6wh-96g9-6wx3...

5.5CVSS5AI score0.00322EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 7:40 a.m.12 views

MAL-2026-5162 Malicious code in nrwl.angular-console (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/06/01 7:40 a.m.12 views

MAL-2026-5161 Malicious code in nrwl.angular-console (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:40 a.m.14 views

Malicious code in nrwl.angular-console (VSCode)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125 The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a develope...

6.1AI score
Exploits0References4
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the getCallingPackageName function in Shared.java code. This function contains obfuscation, potentially allowing bypass of activity laun...

7.8CVSS5.6AI score0.00068EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

launch-editor 命令注入漏洞

Launch-editor is a Vite open-source tool that allows opening an editor from Node.js and navigating to a specified row and column. Versions of Launch-editor prior to 2.9.0 had a command injection vulnerability. This vulnerability stemmed from insufficient cleanup of the file parameter, which could...

8.3CVSS5.8AI score0.00521EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.15 views

PT-2026-45495

Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.9.0 vite versions prior to 5.4.9 Description Insufficient sanitization of the file argument in the launchEditor function allows an attacker to execute arbitrary commands on Windows systems by providing a...

8.3CVSS6.1AI score0.00521EPSS
Exploits0References12
OSV
OSV
added 2026/06/01 12:0 a.m.14 views

ASB-A-467082881

In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch bal due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 1:22 p.m.11 views

CVE-2026-49237 Local Privilege Escalation in Canonical Multipass

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.00141EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 1:22 p.m.20 views

EUVD-2026-32900

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.0015EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:22 p.m.13 views

CVE-2026-49237

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.0015EPSS
Exploits2References2
OSV
OSV
added 2026/05/22 2:23 p.m.13 views

MAL-2026-4345 Malicious code in eo-terminal (npm)

Part of a multi-package malicious campaign by npm author toskypi, eo-terminal is a fully-featured infostealer and remote access trojan RAT disguised as "terminal changelog logger utilities." The package README describes a completely different package terminal-logger-utils, indicating a...

6AI score
Exploits0References4
OSV
OSV
added 2026/05/22 7:15 a.m.8 views

MAL-2026-4572 Malicious code in get-package-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 7:15 a.m.13 views

Malicious code in get-package-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 383f22ab2e1e8bbb44a44fa3828710f476947837d0b38aa9266eafcbf9959261 Package name typosquats the popular get-package-type and reuses its README/exports verbatim, but adds "postinstall": "node utils.cjs" in package.json...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 9:6 a.m.11 views

Malicious code in http-uploader-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...

6.2AI score
Exploits0References8
OSV
OSV
added 2026/05/21 9:6 a.m.9 views

MAL-2026-4580 Malicious code in http-uploader-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936024fb65d6ab06a1f01fcd765b534812efb873f076e81303d87c0b141bba2b package.json declares "preinstall": "bun run index.js", which on npm install invokes Bun to run index.js. index.js detects the host OS and shells out...

6.2AI score
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in virglrenderer

A NULL pointer dereferencing in the vrendrenderer.c file of virglrenderer during versions 0.8.1 allows attackers to cause a denial of service by using commands that attempt to launch a grid without first providing a Compute Shader CS...

5.5CVSS6.3AI score0.00342EPSS
Exploits0References2
Rows per page
Query Builder