30 matches found

NVD
added 2026/05/21 10:16 a.m., 9 views

CVE-2026-45253

ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...

CVSS 8.4, EPSS 0.00009
Exploits 0, References 1

EUVD
added 2025/11/05 12:00 a.m., 1 view

EUVD-2025-37929

A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...

CVSS 6.5, AI score 6.4, EPSS 0.0005
Exploits 1, References 3

OSV
added 2025/07/31 6:15 p.m., 2 views

CVE-2025-51384

D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsecnetasp function via the remotip parameter...

CVSS 3.5, AI score 5.8, EPSS 0.002
Exploits 1, References 2

RedhatCVE
added 2025/05/23 9:05 a.m., 3 views

CVE-2024-38927

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter /amcl do_beamskip...

CVSS 9.8, AI score 5.9, EPSS 0.00137
Exploits 1, References 1

OSV
added 2024/12/06 10:15 p.m., 2 views

CVE-2024-38925

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter /amcl z_max...

CVSS 9.8, AI score 5.8, EPSS 0.00137
Exploits 1, References 3

OSV
added 2024/12/06 10:15 p.m., 2 views

CVE-2024-38923

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter /amcl odom_frame_id...

CVSS 9.8, AI score 5.8, EPSS 0.00183
Exploits 1, References 3

CNNVD
added 2024/12/06 12:00 a.m., 1 view

Nav2 security vulnerability

Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that originates from a use-after-free in the nav2_amcl process. The vulnerability is triggered by remotely sending a request to change the value of laser_model_type in the dynamic...

CVSS 9.8, AI score 6.7, EPSS 0.00183
Exploits 1, References 3

Cvelist
added 2024/12/06 12:00 a.m., 10 views

CVE-2024-38925

Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter /amcl z_max...

EPSS 0.00137
Exploits 1, References 3

CNNVD
added 2024/12/06 12:00 a.m., 1 view

Nav2 security vulnerability

Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that originates from a use-after-free in the nav2_amcl process. The vulnerability is triggered by remotely sending a request to change the value of z_rand in the dynamic...

CVSS 9.8, AI score 6.7, EPSS 0.00187
Exploits 1, References 3

CNNVD
added 2024/12/06 12:00 a.m., 1 view

Nav2 security vulnerability

Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that originates from a use-after-free in the nav2_amcl process. The vulnerability is triggered by remotely sending a request to change the value of do_beamskip in the dynamic...

CVSS 9.8, AI score 6.7, EPSS 0.00137
Exploits 1, References 3

CNNVD
added 2024/12/05 12:00 a.m., 1 view

Nav2 security vulnerability

Nav2 is the ROS community's navigation framework and system for ROS2. A security vulnerability exists in Nav2 that originates from a use-after-free in the nav2_amcl process. The vulnerability can be triggered by remotely sending a request to...

CVSS 9.1, AI score 6.7, EPSS 0.0025
Exploits 0, References 1

Veracode
added 2022/04/20 2:58 a.m., 22 views

Command Injection

git is vulnerable to Command Injection. The vulnerability exists in the fetch function in lib.rb because the remote parameter is not properly sanitized, which allows a malicious attacker to inject and execute arbitrary code...

CVSS 9.8, AI score 5.1, EPSS 0.05735
Exploits 1, References 12, Affected Software 3

OSV
added 2022/04/20 12:00 a.m., 37 views

GHSA-69P6-WVMQ-27GG Command injection in ruby-git

The package prior to v1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way such that additional flags can be set. The additional flags can be used to...

CVSS 9.8, AI score 9.7, EPSS 0.05735
Exploits 1, References 10

NVD
added 2022/04/19 5:15 p.m., 13 views

CVE-2022-25648

The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

CVSS 9.8, EPSS 0.05735
Exploits 1, References 7

Prion
added 2022/04/19 5:15 p.m., 24 views

Command injection

The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

CVSS 7.5, AI score 9.8, EPSS 0.05735
Exploits 1, References 7, Affected Software 4

Debian CVE
added 2022/04/19 4:35 p.m., 44 views

CVE-2022-25648

The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags can be used to perform...

CVSS 9.8, AI score 9.9, EPSS 0.05735
Exploits 1

CNNVD
added 2022/04/19 12:00 a.m., 1 view

ruby-git argument injection vulnerability

ruby-git is a Ruby library. It can be used to create, read, and manipulate Git repositories by wrapping system calls to the git binary. A security vulnerability exists in ruby-git, which stems from the fact that when the fetch(remote = 'origin', opts = {}) function is called, the remote argument is passed...

CVSS 9.8, AI score 8, EPSS 0.05735
Exploits 1, References 13

Prion
added 2022/03/15 10:15 p.m., 21 views

Command injection

Totolink routers X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVSS 7.5, AI score 9.9, EPSS 0.30651
Exploits 1, References 1, Affected Software 2

Prion
added 2022/03/11 5:16 p.m., 14 views

Command injection

The package simple-git before 3.3.0 is vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary...

CVSS 7.5, AI score 10, EPSS 0.00927
Exploits 0, References 4, Affected Software 1

Snyk
added 2022/03/11 2:19 p.m., 2 views

Command Injection

Overview: git is a Ruby library that can be used to create, read and manipulate Git repositories by wrapping system calls to the git binary. Affected versions of this package are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, t...

CVSS 9.8, AI score 7.5, EPSS 0.05735
Exploits 1, References 2