162 matches found
EUVD-2005-1289
Malware in sbrugna...
EUVD-2018-19727
Malware in sbrugna...
EUVD-2017-0763
Malware in sbrugna...
EUVD-2019-9232
Malware in sbrugna...
EUVD-2021-22921
Malicious code in bioql PyPI...
EUVD-2022-40792
Malicious code in bioql PyPI...
EUVD-2025-29630
Malicious code in bioql PyPI...
EUVD-2025-7663
Malicious code in bioql PyPI...
CVE-2025-59050
Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WMCOPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local process at the same integrity level to trigge...
CVE-2025-56803
CVE-2025-56803 affects Figma Desktop for Windows v125.6.5. The vulnerability is a command injection in the local plugin loader: if a plugin manifest.json includes a string in the build field, it is passed to Node.js child_process.exec without validation, enabling arbitrary OS command execution wh...
Exploit for CVE-2025-56803
CVE-2025-56803 Command Injection Vulnerability via Plugin...
CVE-2025-5048
Autodesk AutoCAD is affected by CVE-2025-5048 via DGN file parsing that can trigger a memory corruption, enabling arbitrary code execution in the current process. The vulnerability is exploitable locally with user interaction required (per the CVE metrics and ZDI advisory). The root cause is rela...
Linux Distros Unpatched Vulnerability : CVE-2014-7230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain...
Command Injection
node-code-sandbox-mcp is vulnerable to command injection. The vulnerability is due to the unsanitized use of input parameters within a call to childprocess.execSync, which allows an attacker to inject arbitrary system commands and achieve remote code execution, bypassing sandbox protections...
GHSA-5W57-2CCQ-8W95 Node.js Sandbox MCP Server vulnerability can lead to Sandbox Escape via Command Injection
Summary A command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to childprocess.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to...
Falco 0.41.3
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...
Falco 0.41.0
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...
CVE-2021-23874
Arbitrary Process Execution vulnerability in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense...
CVE-2018-8044
K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. The impact is: Local Process Execution local. The component is: K7Sentry.sys...
CVE-2019-19620
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...