Cvelist, added 2026/06/16 3:26 p.m.

CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

CVSS 8.8 · EPSS 0.00297
Exploits: 0 · References: 6
CVE, added 2026/06/16 3:26 p.m.

CVE-2026-44932

Wicked (openSUSE/SUSE Linux) is affected by CVE-2026-44932 through an indirect remote shell command injection via unsanitized DHCP options. The root cause is unsanitized DHCP strings being handled by the wicked DHCP client, with leaseinfo dump output and certain option processing allowing code ex...

CVSS 8.8 · AI score 5.5 · EPSS 0.00297
Exploits: 0 · References: 6
Tenable Nessus, added 2026/06/14 12:00 a.m.

SUSE SLES15 Security Update : wicked (SUSE-SU-2026:2354-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2354-1 advisory. - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Tenable has extracted the preceding...

CVSS 8.8 · AI score 5.3 · EPSS 0.00297
Exploits: 0 · References: 4
SUSE Linux, added 2026/06/10 2:55 p.m.

Security update for wicked

This update for wicked fixes the following issues: CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 8.8 · AI score 5.5 · EPSS 0.00297
Exploits: 0 · References: 6
OSV, added 2026/06/10 2:53 p.m.

SUSE-SU-2026:2350-1 Security update for wicked

This update for wicked fixes the following issues: - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221...

CVSS 8.8 · AI score 5.5 · EPSS 0.00297
Exploits: 0 · References: 3
Snyk, added 2026/05/11 7:37 p.m.

Arbitrary Code Injection

Overview: mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of configuration options such as fontFamily, themeCSS, and altFontFamily. An...

CVSS 7.1 · AI score 5.9 · EPSS 0.00398
Exploits: 0 · References: 2
OSV, added 2026/03/24 1:23 p.m.

CVE-2026-33311 @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options

DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from the user-supplied options backgroundColor, fontFamily and textColor were not XML-escaped before interpolation into SVG...

CVSS 4.7 · AI score 5.9 · EPSS 0.00181
Exploits: 0 · References: 3
Snyk, added 2026/03/19 5:49 p.m.

Cross-site Scripting (XSS)

Overview: @dicebear/core is an avatar library for designers and developers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized interpolation of user-supplied options in the createAvatar function. An attacker can execute arbitrary scripts in the context ...

CVSS 4.7 · AI score 5.8 · EPSS 0.00181
Exploits: 0 · References: 2
Github Security Blog, added 2026/03/19 5:49 p.m.

SVG Injection via Unsanitized Options in @dicebear/core and @dicebear/initials

Summary: SVG attribute values derived from the user-supplied options backgroundColor, fontFamily and textColor were not XML-escaped before interpolation into SVG output. This could allow Cross-Site Scripting (XSS) when applications pass untrusted input to createAvatar and serve the resulting SVG inline or...

CVSS 4.7 · AI score 5.8 · EPSS 0.00181
Exploits: 0 · References: 3 · Affected software: 2
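The bug class in the three DiceBear entries above is interpolating option values straight into SVG attributes. The following is an added illustration, not DiceBear's own code: an invented avatar renderer written both ways, first with raw interpolation, then with XML attribute escaping plus an allowlist for the colour options. The option names mirror the advisory; the renderer, the function names and the hostile input are assumptions constructed for this example.

```javascript
// Added illustration, not DiceBear's code: an avatar renderer that interpolates
// user-supplied options into SVG attributes, first without escaping (the bug
// class in the advisories), then with XML attribute escaping plus an allowlist
// for colour values. The renderer and the hostile input are invented.

// Escape the five characters that can terminate or alter an XML attribute value.
function escapeXmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&apos;");
}

// Vulnerable: option values land in the markup verbatim, so a quote inside
// backgroundColor closes the fill attribute and whatever follows is parsed as SVG.
function renderAvatarUnsafe(options) {
  const {
    backgroundColor = "#ffffff", fontFamily = "sans-serif",
    textColor = "#000000", text = "AB",
  } = options;
  return `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">` +
    `<rect width="100" height="100" fill="${backgroundColor}"/>` +
    `<text x="50" y="60" font-family="${fontFamily}" fill="${textColor}" text-anchor="middle">${text}</text>` +
    `</svg>`;
}

// Colours have a narrow grammar, so reject anything that is not a hex colour
// instead of relying on escaping alone.
const HEX_COLOR = /^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})$/;
function colorOrDefault(value, fallback) {
  return HEX_COLOR.test(String(value)) ? String(value) : fallback;
}

// Hardened: colours are allowlisted and every interpolated value is escaped.
function renderAvatarSafe(options) {
  const backgroundColor = colorOrDefault(options.backgroundColor, "#ffffff");
  const textColor = colorOrDefault(options.textColor, "#000000");
  const fontFamily = escapeXmlAttr(options.fontFamily ?? "sans-serif");
  const text = escapeXmlAttr(options.text ?? "AB");
  return `<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">` +
    `<rect width="100" height="100" fill="${backgroundColor}"/>` +
    `<text x="50" y="60" font-family="${fontFamily}" fill="${textColor}" text-anchor="middle">${text}</text>` +
    `</svg>`;
}

// Constructed hostile input: one value breaks out of an attribute to add an
// event handler, the other closes the element and injects a script tag.
const HOSTILE_OPTIONS = {
  backgroundColor: '#fff" onload="alert(1)',
  fontFamily: 'x"><script>alert(2)</script><x a="',
  textColor: "#000000",
};

// Count how many times a raw marker survives in the generated markup.
function countRaw(svg, marker) {
  return svg.split(marker).length - 1;
}
```

Escaping alone would already neutralise the attribute break-out; the allowlist on colour values is the extra check a practitioner wants, because a colour never legitimately contains a quote, an angle bracket or an ampersand, and rejecting early keeps the garbage out of the output entirely. Note that serving the SVG inline or with a text/html or image/svg+xml response is what turns markup injection into script execution; an `<img>` tag rendering the same file does not run scripts.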
Cvelist, added 2026/03/18 3:05 a.m.

CVE-2026-31938 jsPDF has HTML Injection in New Window paths

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The vulnerability can be exploited in the followi...

CVSS 9.6 · EPSS 0.00264
Exploits: 0 · References: 3
Snyk, added 2026/03/17 5:07 p.m.

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in jspdf.js, when user-controlled values are passed to the options argument, then included unsanitized in the generated HTML and opened by another user. An attacker can cause the execution of scripts in the...

CVSS 9.6 · AI score 5.7 · EPSS 0.00264
Exploits: 0 · References: 2
Github Security Blog, added 2026/03/17 5:07 p.m.

jsPDF has HTML Injection in New Window paths

Impact: User control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The affected overloads and options are: "pdfobjectnewwindow": the pdfObjectUrl option and the entire options object,...

CVSS 9.6 · AI score 5.8 · EPSS 0.00264
Exploits: 0 · References: 5 · Affected software: 1
CVE, added 2026/02/06 8:58 p.m.

CVE-2026-25581

SCEditor has a DOM XSS vulnerability pre-3.2.1 when configuration options passed to sceditor.create() (e.g., emoticons, charset) are not sanitised. An attacker who can control these options can inject malicious payloads, as demonstrated by the provided PoC where an onerror handler is injected via...

CVSS 5.4 · AI score 5.4 · EPSS 0.00216
Exploits: 1 · References: 2 · Affected software: 1
Positive Technologies, added 2026/02/06 12:00 a.m.

PT-2026-6797

Name of the Vulnerable Software and Affected Versions: SCEditor versions prior to 3.2.1. Description: SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. A lack of sanitisation of configuration options passed to the sceditor.create function allows an attacker who can control these options—suc...

CVSS 5.4 · AI score 5.1 · EPSS 0.00216
Exploits: 1 · References: 8
EUVD, added 2025/10/07 12:30 a.m.

EUVD-2021-1436

Malware in sbrugna...

CVSS 9.8 · AI score 9.4 · EPSS 0.04025
Exploits: 1 · References: 5
Cvelist, added 2025/09/25 1:34 p.m.

CVE-2025-59831 `git-comiters` Command Injection vulnerability

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback), which allows...

CVSS 8.7 · EPSS 0.0228
Exploits: 1 · References: 2
OSV, added 2024/07/11 6:15 a.m.

CVE-2024-6026

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and th...

CVSS 5.4 · AI score 5.8 · EPSS 0.00375
Exploits: 1 · References: 1
Positive Technologies, added 2023/11/23 12:00 a.m.

PT-2023-7469 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: openssl aka node-openssl versions through 2.0.0. Description: The issue is related to the absence of input data sanitization in the openssl package of the NPM package manager. This allows a remote attacker to execute arbitrary commands by...

CVSS 10 · AI score 8 · EPSS 0.01909
Exploits: 1 · References: 11
RedHat Linux, added 2022/10/05 10:44 a.m.

chart.js: prototype pollution

A flaw was found in chart.js. This issue occurs when the options parameter is not properly sanitized when it is processed. When options are processed, the object's keys that are being set are not checked, possibly allowing a prototype pollution...

CVSS 9.8 · AI score 5.7 · EPSS 0.04678
Exploits: 1 · References: 4
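The chart.js entry above describes the key-checking gap behind prototype pollution: an options merge that recurses into nested objects without asking whether the key it is about to set is `__proto__`, `constructor` or `prototype`. What follows is an added illustration, not chart.js code: an invented recursive options merge written both ways, with a constructed JSON payload that reaches Object.prototype through the unsafe version. The function names and payload are assumptions made for this example.

```javascript
// Added illustration, not chart.js code: an options merge that recurses into
// nested objects. The unsafe version trusts every key of the user-supplied
// object, so a key named "__proto__" walks into Object.prototype; the hardened
// version skips the dangerous keys and only descends into own plain objects.
// Function names and the payload are invented for this example.

// Constructed hostile options. JSON.parse creates an own property literally
// named "__proto__", which a naive for-in loop will happily recurse into.
const PAYLOAD_JSON = '{"responsive": true, "__proto__": {"polluted": "yes"}}';

function isObjectLike(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

// Vulnerable: target["__proto__"] resolves to Object.prototype (an object, so
// the recursion continues), and the recursive call writes "polluted" onto it.
function mergeUnsafe(target, source) {
  for (const key in source) {
    const value = source[key];
    if (isObjectLike(value)) {
      if (!isObjectLike(target[key])) target[key] = {};
      mergeUnsafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hardened: refuse the keys that reach prototypes, iterate own keys only, and
// never descend into a target property that is inherited rather than own.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isObjectLike(value)) {
      if (!hasOwn(target, key) || !isObjectLike(target[key])) target[key] = {};
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Run the unsafe merge, observe the leak through an unrelated fresh object,
// then clean up so the rest of the process is not left polluted.
function demoUnsafe() {
  mergeUnsafe({ responsive: false }, JSON.parse(PAYLOAD_JSON));
  const leaked = ({}).polluted;
  delete Object.prototype.polluted;
  return leaked;
}

// Same payload through the hardened merge: the legitimate key is applied,
// the "__proto__" key is dropped, and nothing reaches the shared prototype.
function demoSafe() {
  const merged = mergeSafe({ responsive: false }, JSON.parse(PAYLOAD_JSON));
  return {
    responsive: merged.responsive,
    leaked: ({}).polluted,
    hasOwnProto: hasOwn(merged, "__proto__"),
  };
}
```

Skipping the three keys is the minimum; a stricter merge either throws on them so the bad input is logged, or builds the target with `Object.create(null)` so there is no prototype to reach in the first place. The check on `hasOwn(target, key)` matters too: without it, a key that happens to name an inherited property (for example `toString`) would make the merge recurse into Object.prototype's own function objects.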
OSV, added 2021/07/26 9:23 p.m.

GHSA-3FXP-VWXM-2R5P Command injection in gitlogplus

All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...

CVSS 9.8 · AI score 7.2 · EPSS 0.04025
Exploits: 1 · References: 4