362038 matches found
CVE-2026-53925
Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...
CVE-2026-54090
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured e.g. /bin/sh -c, the command allowlist can be bypassed through shell metacharacters. The allowlist...
CVE-2026-50549
Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default. Before a Write, the agent canonicalizes the target path to confirm it stays inside the workspace, but when canonicalization fails it falls back to the original path an...
CVE-2026-46607
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...
CVE-2026-44017
A flaw was found in Docling. The EasyOCR model download functionality improperly extracts ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker compromises the model download source e.g., via a supply chain or Man-in-the-Middle MITM attack, they could write...
CVE-2026-57521
Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...
CVE-2026-44990
A flaw was found in the sanitize-html library. Under its default configuration, an attacker can embed malicious content within a disallowed xmp element. This vulnerability allows the attacker to bypass the HTML sanitization process, leading to stored Cross-Site Scripting XSS. Successful...
GO-2026-5344 Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host in github.com/boxlite-ai/boxlite/sdks/go
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host in github.com/boxlite-ai/boxlite/sdks/go...
CVE-2026-53011
A flaw was found in the Linux kernel's networking scheduler, specifically within the taprio module. When the system attempts to switch schedules, a use-after-free vulnerability occurs in the advancesched function. This happens because a pointer to an old schedule entry is still used after the...
CVE-2026-53047
A flaw was found in the Linux kernel's EFI Extensible Firmware Interface capsule loader. An incorrect size calculation during memory reallocation for physical addresses can lead to an undersized buffer. This issue, specifically on 32-bit systems with Physical Address Extension PAE, may result in ...
CVE-2026-52989
A flaw was found in the nvmet-tcp component of the Linux kernel. The nvmettcpbuildpduiovec function fails to propagate errors when detecting out-of-bounds PDU lengths or offsets. This can lead to uninitialized memory being used by subsequent operations, such as reading incoming network data into ...
CVE-2026-56786
RTKLIB 2.4.3 contains an out-of-bounds write in decode_type1033 that fails to clamp length counters to the destination buffer. This allows up to a 191-byte overflow into fixed 64-byte descriptor fields when processing a crafted RTCM3 type-1033 message. An attacker controlling an NTRIP or serial R...
CVE-2026-56786 RTKLIB 2.4.3 - Out-of-bounds Write in decode_type1033 via Crafted RTCM3 Message
RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decodetype1033 function that fails to clamp length counters to destination buffer size, allowing up to 191-byte overflow into fixed 64-byte descriptor fields. An attacker controlling an NTRIP or serial RTCM3 correction stream c...
EUVD-2026-39525
NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...
libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
A flaw was found in libpng, a library used for processing PNG Portable Network Graphics image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can...
CVE-2026-46607 Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...
CVE-2026-46607
CVE-2026-46607 describes an insecure deserialization vulnerability in Glances, where a version-check cache file (~/.cache/glances/glances-version.db) is loaded with pickle without validation. An attacker with write access to the cache path can introduce a malicious pickle and achieve arbitrary co...
CVE-2026-53925
Summary of CVE-2026-53925 (Glances) In Glances, versions 4.0.8 through 4.5.5, the secure_popen() function in glances/secure.py parses shell-like operators (>, |, &&) in command strings without validating the target path or commands. When AMP module commands/service_cmd values are read from gla...
CVE-2026-53925 Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration
Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...
CVE-2026-54090
Summary (CVE-2026-54090) : File Browser before version 2.33.8 is vulnerable to a command allowlist bypass when a shell interpreter is configured (e.g., /bin/sh -c). The allowlist checks only the first token, but the full raw input is passed to the shell, allowing metacharacters (semicolon, pipe, ...