221 matches found
CVE-2026-22718
The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine...
Malicious website can execute commands on the local system through XSS in the OpenCode web UI
Summary: A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on http://localhost:4096. From there, it is possible to run arbitrary commands on the local system using the /pty/ endpoints provided by the OpenCode API. Code execution vi...
CVE-2026-22813 Malicious website can execute commands on the local system through XSS in the OpenCode web UI
OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify or even a CSP on the web interface to prevent JavaScript execution via HTML injection. This means controlling the LLM response...
CVE-2026-22813
The CVE-2026-22813 issue affects OpenCode, where the markdown renderer for LLM responses does not sanitize HTML, allowing arbitrary HTML/JavaScript to run in the OpenCode web UI at http://localhost:4096. The root cause is lack of DOM sanitization and CSP, enabling XSS that can leverage the localh...
CVE-2020-10049
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.10.2. The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system...
CVE-1999-0689
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack...
CVE-2025-2296
A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access. Mitigation To reduce the risk by disabling direct-boot mode, ensuring a...
Plugin Alliance Installation Manager security vulnerability
Plugin Alliance Installation Manager is a plugin manager from US-based Plugin Alliance. A security vulnerability exists in Plugin Alliance Installation Manager version v1.4.0 that originates when the InstallationHelper service accepts an unauthenticated XPC connection, which could lead to the...
Fortinet Fortigate Restricted CLI command bypass (FG-IR-24-361)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-361 advisory. - An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 throug...
EUVD-2025-34246
An Incorrect Provision of Specified Functionality vulnerability CWE-684 in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands...
CVE-2025-58325
CVE-2025-58325 describes an issue in FortiOS where a local, authenticated attacker can execute system commands via crafted CLI commands. Affected firmware includes FortiOS 7.6.0 and 7.4.0–7.4.5, 7.2.5–7.2.10, 7.0.0–7.0.15, and all 6.4 versions. The vulnerability is categorized as CWE-684 (Incorre...
CVE-2025-36565
Dell PowerProtect Data Domain with Data Domain Operating System DD OS of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Argument Delimiters in a...
EUVD-2000-0905
Malware in sbrugna...
EUVD-2006-1830
Malware in sbrugna...
EUVD-2006-4995
Malware in sbrugna...
EUVD-2001-0111
Malware in sbrugna...
EUVD-2005-4662
Malware in sbrugna...
EUVD-2004-0151
Malware in sbrugna...
EUVD-2008-5886
Malware in sbrugna...