30415 matches found
EUVD-2026-31127
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101
The CVE-2026-9101 entry describes a prototype pollution flaw in CSV parsing during import. The underlying issue can allow untrusted file paths (not arguments) to reach shell.openExternal after specific user actions, potentially enabling a limited form of “1-click” command execution. Documents do ...
MAL-2026-4657 Malicious code in randomlogs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c085eee0876092131c3f909facc237674fcfb1e02bafbafcb34230c87b3a3819 The package's main module index.js lines 6-10 exports a function mal that opens a TCP socket to 223.229.156.10:5513 and pipes a spawned shell /bin/sh...
Malicious code in randomlogs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c085eee0876092131c3f909facc237674fcfb1e02bafbafcb34230c87b3a3819 The package's main module index.js lines 6-10 exports a function mal that opens a TCP socket to 223.229.156.10:5513 and pipes a spawned shell /bin/sh...
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...
Exploit for Path Traversal in Gogs
CVE-2025-8110 PoC Python proof-of-concept script for triggerin...
HOV4X
HOV4X HOVAX - 45 Modules Security Toolkit for Penetration Test...
Exploit for Incorrect Implementation of Authentication Algorithm in Google Android
ADB TLS Auth Bypass Exploit CVE-2026-0073 An automated netw...
Astra Linux - уязвимость в less
Closealtfile in filename.c in less before 606 omits shellquote calls for LESSCLOSE...
Astra Linux - уязвимость в ruby-rack
A sequence injection vulnerability exists in Rack versions 2.0.9.1, 2.1.4.1, and 2.2.3.1. This vulnerability could allow for shell escapes in the Lint and CommonLogger components of Rack...
Astra Linux - уязвимость в xterm
xterm before 375 allows code execution via font ops. For example, an OSC 50 response may trigger Ctrl-g, thereby leading to command execution within the vi line-editing mode of Zsh. NOTE: Font ops are not allowed in the default configurations of xterm in some Linux distributions...
Astra Linux - уязвимость в twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. Before version 22.2.0, Twisted’s SSH client and server implementations allowed accepting an infinite amount of data for the peer’s SSH version identifier. This resulted in a buffer that consumed all...
Astra Linux - уязвимость в erlang
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server might allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in the SSH protocol’s message handling, a malicious...
Astra Linux - уязвимость в zsh
In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...
Astra Linux - уязвимость в gegl
The loadcache function in GEGL before version 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This issue arises due to the use of the system library function for executing the ImageMagick convert fallback in magick-load. NOTE: GEGL versions...
Astra Linux - уязвимость в xorg-server
A vulnerability was discovered in X.Org. This security flaw arises because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges escalation on systems where the X server is running with privileged access, and may...
Astra Linux - уязвимость в openssh
In SSH in OpenSSH before version 9.6, OS command injection could occur if a user name or host name contained shell metacharacters, and this name was referenced by an expansion token in certain situations. For example, a untrusted Git repository might contain a submodule with shell metacharacters ...
Astra Linux - уязвимость в xorg-server
A heap buffer overflow flaw was discovered in the DisableDevice function of the X.Org server. This issue may cause an application to crash, or in some cases, lead to remote code execution in SSH X11 forwarding environments...
Astra Linux - уязвимость в jruby
In versions of Ruby from 2.4.7, 2.5.x up to 2.5.6, and 2.6.x up to 2.6.4, code injection is possible if the first argument also known as the “command” argument passed to Shell or Shelltest in lib/shell.rb is untrusted data. An attacker can exploit this vulnerability to call arbitrary Ruby methods...