30918 matches found
PT-2026-6212
Name of the Vulnerable Software and Affected Versions melange versions 0.3.0 through 0.40.2 Description melange enables users to create apk packages using declarative pipelines. A security issue exists in versions 0.3.0 through 0.40.2 where an attacker with the ability to supply build input value...
📄 LimeSurvey 5.2.4 Remote Code Execution
Proof of concept exploit for LimeSurvey version 5.2.4 that loads a malicious PHP plugin and executes a reverse shell. ============================================================================================================================================= | Title : LimeSurvey 5.2.4 reverse...
Claude Code 跨站脚本漏洞
Claude Code is an open-source proxy encoding tool developed by Anthropic. Versions of Claude Code prior to 2.0.74 contained a cross-site scripting vulnerability. This vulnerability stemmed from a Bash command validation flaw during the parsing of ZSH “clobber” syntax, which could allow bypassing...
PT-2026-6187
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.0.74 Description Claude Code is an agentic coding tool affected by a Bash command validation flaw when parsing ZSH clobber syntax. This flaw allowed bypassing directory restrictions and writing files outside the...
PT-2026-5921
Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions prior to 9.2.1c2 Brocade Fabric OS versions 9.2.2 through 9.2.2a Description A flaw exists within Brocade Fabric OS that may allow an authenticated attacker possessing administrative privileges to manipulate path...
GHSA-GP56-F67F-M4PX CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor
Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution RCE. By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...
Arbitrary Command Injection
cai-framework is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-controlled input directly to shell commands via subprocess.Popen with shell=True, which allows an attacker to inject malicious arguments for example -exec in the findfile tool and execute arbitrar...
GO-2026-4380 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access in github.com/amir20/dozzle
Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access in github.com/amir20/dozzle...
Signal K set-system-time plugin vulnerable to RCE - Command Injection
Summary A Command Injection vulnerability allows authenticated users with write permissions to execute arbitrary shell commands on the Signal K server when the set-system-time plugin is enabled. Unauthenticated users can also exploit this vulnerability if security is disabled on the Signal K...
Exploit for Improper Input Validation in Unrealircd
UnrealIRCD 3.2.8.1 Backdoor Exploit A clean, flexible exploit...
CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
Wireshark: NULL Pointer Dereference in Wireshark
A flaw was found in Wireshark’s SSH dissector, caused by a missing NULL check in key exchange parameter handling. This vulnerability can trigger a segmentation fault when processing malformed SSH traffic or crafted capture files, potentially causing the application to crash and resulting in a...
OPENSUSE-SU-2026:20151-1 Security update for wireshark
This update for wireshark fixes the following issues: Update to Wireshark 4.4.13: - CVE-2025-11626: MONGO dissector infinite loop bsc1251933. - CVE-2025-13499: Kafka dissector crash bsc1254108. - CVE-2025-13945: HTTP3 dissector crash bsc1254471. - CVE-2025-13946: MEGACO dissector infinite loop...
CVE-2026-1757 Libxml2: memory leak leading to local denial of service in xmllint interactive shell
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
CVE-2026-1757
CVE-2026-1757 describes a memory leak in the interactive shell of the libxml2 xmllint utility. When a user enters input consisting only of whitespace, the shell skips command execution but does not free the allocated buffer, allowing memory to accumulate over repeated actions. This can lead to lo...
EUVD-2026-5101
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
CVE-2026-1757 Libxml2: memory leak leading to local denial of service in xmllint interactive shell
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...
CVE-2026-1757
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...