CVE-2026-42890

CVE-2026-42890 affects the macOS desktop application Actual (version 25.x, Electron 39.2.7). The ELECTRON_RUN_AS_NODE fuse was not disabled, allowing a local attacker who can place a file on disk or influence command-line arguments to invoke Actual.app with ELECTRON_RUN_AS_NODE=1. This converts t...

Debian dsa-6300 : node-shell-quote - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6300 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/...

EUVD-2025-176475

Malicious code in sed-node-shell-long-authorize npm...

The vulnerability of a node’s shell for the `curl` command, related to the failure to eliminate special elements used in operating system commands, allows a perpetrator to execute arbitrary commands.

The vulnerability of a node’s command-line interface for the curl command relates to the failure to address the special elements used in operating system commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary commands...