33 matches found
CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...
CVE-2026-44932
Wicked (openSUSE/SUSE Linux) is affected by CVE-2026-44932 through an indirect remote shell command injection via unsanitized DHCP options. The root cause is unsanitized DHCP strings being handled by the wicked DHCP client, with leaseinfo dump output and certain option processing allowing code ex...
SUSE SLES15 Security Update : wicked (SUSE-SU-2026:2354-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2354-1 advisory. - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Tenable has extracted the preceding...
Security update for wicked
This update for wicked fixes the following issues: CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:2350-1 Security update for wicked
This update for wicked fixes the following issues: - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221...
Arbitrary Code Injection
Overview mermaid is a package for generating diagrams and flowcharts from text in a manner similar to markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of configuration options such as fontFamily, themeCSS, and altFontFamily. An...
CVE-2026-33311 @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options
DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options (backgroundColor, fontFamily, textColor) were not XML-escaped before interpolation into SVG...
Cross-site Scripting (XSS)
Overview @dicebear/core is an avatar library for designers and developers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized interpolation of user-supplied options in the createAvatar function. An attacker can execute arbitrary scripts in the context ...
SVG Injection via Unsanitized Options in @dicebear/core and @dicebear/initials
Summary SVG attribute values derived from user-supplied options (backgroundColor, fontFamily, textColor) were not XML-escaped before interpolation into SVG output. This could allow Cross-Site Scripting (XSS) when applications pass untrusted input to createAvatar and serve the resulting SVG inline or...
CVE-2026-31938 jsPDF has HTML Injection in New Window paths
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The vulnerability can be exploited in the followi...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in jspdf.js, when user-controlled values are passed to the options argument, then included unsanitized in the generated HTML and opened by another user. An attacker can cause the execution of scripts in the...
jsPDF has HTML Injection in New Window paths
Impact User control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The affected overloads and options are: "pdfobjectnewwindow": the pdfObjectUrl option and the entire options object,...
CVE-2026-25581
SCEditor has a DOM XSS vulnerability pre-3.2.1 when configuration options passed to sceditor.create() (e.g., emoticons, charset) are not sanitised. An attacker who can control these options can inject malicious payloads, as demonstrated by the provided PoC where an onerror handler is injected via...
PT-2026-6797
Name of the Vulnerable Software and Affected Versions SCEditor versions prior to 3.2.1 Description SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. A lack of sanitisation of configuration options passed to the sceditor.create function allows an attacker who can control these options—suc...
EUVD-2021-1436
Malware in sbrugna...
CVE-2025-59831 `git-commiters` Command Injection vulnerability
git-commiters is a Node.js module providing committer statistics for a git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests in the library's primary exported API, gitCommiters(options, callback), which allows...
CVE-2024-6026
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the plugin's options) and th...
PT-2023-7469 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: openssl aka node-openssl versions through 2.0.0 Description: The issue is related to the absence of input data sanitization in the openssl package of the NPM package manager. This allows a remote attacker to execute arbitrary commands by...
chart.js: prototype pollution
A flaw was found in chart.js. This issue occurs because the options parameter is not properly sanitized when it is processed: the object keys being set are not checked, possibly allowing prototype pollution...
GHSA-3FXP-VWXM-2R5P Command injection in gitlogplus
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization...