25101 matches found
Deno 操作系统命令注入漏洞
Deno is a simple, modern, and secure JavaScript and TypeScript runtime environment developed by Deno itself. Version 2.7.0 to 2.7.1 of Deno contains a vulnerability related to operating system command injection. This vulnerability stems from a command injection issue within the node:childprocess...
CVE-2026-3930
Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-11305
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...
CVE-2026-27703
RIOT OS contains a vulnerability in the default handler for the well_known_core resource (coap_well_known_core_default_handler). In 2026.01 and earlier, it writes user-provided option data and other data into a fixed-size buffer without validating the destination size, enabling an out-of-bounds w...
CVE-2026-27703 RIOT has an Out-of-Bounds Write in nanoCoAP Handler
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...
CVE-2026-0230
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
CVE-2026-0230
CVE-2026-0230 affects the Palo Alto Networks Cortex XDR agent on macOS. A flaw in the agent’s protection mechanism lets a local administrator disable the agent, potentially enabling malware to operate without detection. The exposure is local (vector: LOCAL) with high privileges required (PR:H) an...
CVE-2026-0230 Cortex XDR Agent: Local Administrator can disable the agent on macOS
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be leveraged by malware to perform malicious activity without detection...
CVE-2026-31861 Shell Command Injection in Git Routes [CloudCLI UI]
Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, The /api/user/git-config endpoint constructs shell commands by interpolating user-supplied gitName and gitEmail values into command strings passed to childprocess.exec. The...
CVE-2026-31861
CVE-2026-31861 affects Cloud CLI (Claude Code UI). The /api/user/git-config endpoint interpolates user-supplied gitName/gitEmail into shell commands executed via child_process.exec(), placing input inside double quotes with only " escaped. Bash will still interpret backticks, $() substitutions, a...
CVE-2026-20040
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
CVE-2026-20046 Cisco IOS XR Software CLI Privilege Escalation Vulnerability
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups...
CVE-2026-20040
The vulnerability CVE-2026-20040 affects Cisco IOS XR Software CLI. It stems from insufficient validation of user arguments passed to specific CLI commands, allowing an authenticated, low-privilege attacker to elevate privileges to root and execute arbitrary commands on the underlying OS. The iss...
CVE-2026-20040 Cisco IOS XR Software CLI Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
CVE-2026-3843
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux contains a SQL Injection vulnerability CWE-89 in the system configuration module. A remote attacker can send specially crafted HTTP POST requests to the /php/request.php endpoint via the sql parameter in...
OPENSUSE-SU-2026:20342-1 Security update for go1.26
This update for go1.26 fixes the following issues: Changes in go1.26: go1.26.1 released 2026-03-05 includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as bug fixes to the go command, the go fix command, the compiler, and the os and reflect packages...
CVE-2024-14026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...
CVE-2024-14026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...
CVE-2024-14026
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...