PT-2026-35151
Name of the Vulnerable Software and Affected Versions: electerm, affected versions not specified. Description: A command injection issue exists in the runLinux function within github.com/electerm/electerm/npm/install.js:130. The function appends remote version strings, which can be controlled by an...
React Server Components have a Denial of Service Vulnerability
Impact A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0, 19.1.0 and 19.2.0. The vulnerability is triggered by sending specially crafted HTTP requests...
GHSA-8JX2-RHFH-Q928 godot-mcp has Command Injection via unsanitized projectPath
Impact A Command Injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec, which spawns a shell. An attacker could inject shell metacharacters like $command or &calc to execute arbitrary comman...
React Server Components have multiple Denial of Service Vulnerabilities
Impact It was found that the fixes to address DoS in React Server Components were incomplete and we found multiple denial of service vulnerabilities still exist in React Server Components. We recommend updating immediately. The vulnerability exists in versions 19.0.0, 19.0.1, 19.0.2, 19.0.3,...
PT-2025-3138
🚨🚨 "The vulnerabilities are trivial to reverse and exploit though, and we encourage users to upgrade ASAP to the latest SimpleHelp release." CVE-2024-55726 CVE-2024-55727 CVE-2024-55728 Critical Vulnerabilities in SimpleHelp Remote Support Software https://t.co/F8dpl2me1D...
PT-2023-9141 · Owlet · Owlet Cam
Name of the Vulnerable Software and Affected Versions: Owlet Cam versions v1 and v2 Description: A command injection vulnerability exists in the IOCTL that manages OTA updates, allowing a specially crafted command to lead to command execution as the root user. An attacker can make authenticated...
CVE-2019-5490
Certain versions (between 2.x and 5.x; refer to the advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory's Impact section may be affected and should be upgraded to a fixe...
Fedora 26 : phpMyAdmin (2017-481515e199)
Upstream announcement: Welcome to phpMyAdmin 4.7.7, a regular maintenance release containing bug fixes and a security fix. The security vulnerability is an XSRF/CSRF flaw; you can read more at https://www.phpmyadmin.net/security/PMASA-2017-9/ As a result of this, we recommend all users upgrade...
BIND -- Remote DOS
The Internet Systems Consortium reports: Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"...
[slackware-security] rsync security update
Rsync is a file transfer client and server. A security problem which may lead to unauthorized machine access or code execution has been fixed by upgrading to rsync-2.5.7. This problem only affects machines running rsync in daemon mode, and is easier to exploit if the non-default option "use chroo...
[SECURITY] New versions of cfengine fixes symlink attack
The maintainer of the Debian GNU/Linux cfengine package found an error in the way cfengine handles temporary files when it runs the tidy action on home directories, which makes it susceptible to a symlink attack. The author has been notified of the problem but has not released a fix yet. We recommend y...