132 matches found
CVE-2026-42853
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...
EUVD-2026-36565
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...
CVE-2026-42853 @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input
ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...
Command Injection
Overview @apostrophecms/cli is a Commandline generator and configurator for Apostrophe CMS Affected versions of this package are vulnerable to Command Injection via the apos create command when user-supplied input from the password prompt is embedded directly into a shell command without proper...
GHSA-HCWQ-X9FW-8CFQ @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input
Summary The @apostrophecms/cli package contains a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command without proper sanitization or escaping. This allows execution of arbitrary commands on the host...
PT-2026-41135
Name of the Vulnerable Software and Affected Versions @apostrophecms/cli versions prior to 3.6.1 Description The @apostrophecms/cli package contains a command injection issue within the apos create command. User-supplied input provided during the password prompt is embedded directly into a shell...
MiracleLinux 7 : gvfs-1.36.2-3.el7 (AXSA:2019-4036:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4036:01 advisory. gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password CVE-2019-3827 Tenabl...
Siemens Ruggedcom ROX Incorrect Implementation of Authentication Algorithm (CVE-2023-4641)
A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS version 26.2 and Apple iPadOS version 26.2, which stems from a logic issue th...
EUVD-2017-1426
Malware in sbrugna...
EUVD-2021-9077
Malicious code in bioql PyPI...
Liferay Portal和Liferay DXP 安全漏洞
Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Linux Distros Unpatched Vulnerability : CVE-2024-39894
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming...
Ubuntu 14.04 LTS / 16.04 LTS : cifs-utils vulnerabilities (USN-7688-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7688-1 advisory. Aurlien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly...
CLSA-2025-1748945064 Fix CVE(s): CVE-2019-10206, CVE-2019-14856
SECURITY UPDATE: password prompt vulnerability from template expansion - debian/patches/CVE-2019-10206.patch: prevent templating of passwords from prompt to avoid special characters triggering it incorrectly - CVE-2019-10206 - debian/patches/CVE-2019-14856.patch: fix incomplete CVE-2019-10206 pat...
CVE-2023-23493
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user without prompting for the password...
CVE-2019-8522
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4. An encrypted volume may be unmounted and remounted by a different user without prompting for the password...
CVE-2019-15929
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them...
CVE-2025-31124
CVE-2025-31124 (Zitadel) describes a user enumeration flaw in the login flow caused by normalization of the username when the “Ignoring unknown usernames” setting is enabled. Although the UI prompts for a password and returns “Username or Password invalid” for non-existent users, the normalizatio...
CVE-2025-26793
The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...