Lucene search
+L

28 matches found

NVD
NVD
added 2026/07/08 9:16 a.m.10 views

CVE-2026-57248

When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release...

7.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.6 views

CVE-2026-57248

When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.15 views

PT-2026-56347

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description Insufficient object type and argument checks occur when the application opens a PDF file and JavaScript writes annotation attributes. This leads to damage in the internal...

7.8CVSS6AI score0.00116EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 9:31 p.m.6 views

GHSA-3V3J-737J-7G74 Duplicate Advisory: Linux and macOS exec allowlists skipped configured argument patterns

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-v2ww-5rh7-2h5v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.12 contains an argument pattern validation bypass in the exec allowlist that allows attackers ...

8.3CVSS5.5AI score0.00347EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 10:23 p.m.5 views

GHSA-9QHQ-V63V-FV3J PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection

Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...

9.8CVSS6.7AI score0.00824EPSS
Exploits2References5
RustSec
RustSec
added 2025/05/06 12:0 p.m.9 views

Lack of sufficient checks in public API

The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - AnonVec::getref - AnonVec::getmut - AnonVec::removeget The crate was built as a learning project and is not being maintained...

7AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/05 12:0 a.m.12 views

PT-2024-14256 · Unknown · Trusted Firmware-M

Name of the Vulnerable Software and Affected Versions: Trusted Firmware-M versions through 2.0.0 Description: An issue was discovered in the logging subsystem of Trusted Firmware-M, where the lack of argument verification allows attackers to read sensitive data via the login function...

4.7CVSS6.4AI score0.00293EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2023/12/19 12:0 a.m.7 views

The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial switches lies in the insufficient checking of arguments passed in commands, allowing attackers to execute arbitrary commands.

The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial switches lies in insufficient verification of the arguments passed in the commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.3CVSS7.2AI score0.00644EPSS
Exploits0References3Affected Software13
BDU FSTEC
BDU FSTEC
added 2023/10/29 12:0 a.m.7 views

The vulnerability of software for managing data storage on Dell EMC PowerEdge MX Dell SmartFabric Storage systems is related to insufficient checking of arguments passed in commands, allowing an attacker to execute arbitrary commands.

The vulnerability is related to insufficient checking of arguments passed to the command. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...

9CVSS8AI score0.00766EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/21 12:0 a.m.12 views

The vulnerability of the printer web page module (ARM) of Honeywell PM43, which allows a intruder to execute arbitrary commands

The vulnerability of the printer web page module ARM of Honeywell PM43 is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...

9.9CVSS8.1AI score0.33094EPSS
Exploits3References5
BDU FSTEC
BDU FSTEC
added 2023/09/05 12:0 a.m.7 views

The vulnerability of the readVideoInfo method in the software tool for creating/distributing content with LG Simple Editor allows a perpetrator to escalate their privileges and execute arbitrary code.

The vulnerability of the readVideoInfo method in the LG Simple Editor software for creating and distributing content is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

10CVSS8AI score0.87649EPSS
Exploits4References3
BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.7 views

The vulnerability of the UploadFirmwareFile function in the microprogramming software for TOTOLINK X18 allows a hacker to execute arbitrary commands.

The vulnerability of the UploadFirmwareFile function in TOTOLINK X18 microprogrammed router software is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the FileName parameter...

10CVSS8.1AI score0.02014EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.6 views

The vulnerability of the setTracerouteCfg function in the TOTOLINK X18 router microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the setTracerouteCfg function in TOTOLINK X18 router microprogramming systems is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS8.1AI score0.02014EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.9 views

PT-2023-2617 · Myscada · Myscada Mypro

Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions 8.26.0 and prior Description: The issue is related to insufficient checking of arguments passed to a command, allowing an authenticated user to inject arbitrary operating system commands. This could enable a remote...

9CVSS7.4AI score0.00746EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.4 views

PT-2023-2616 · Myscada · Myscada Mypro

Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions 8.26.0 and prior Description: The issue is related to insufficient checking of arguments passed to a command, allowing a remote attacker to execute arbitrary code in the operating system. An authenticated user could...

10CVSS7.5AI score0.4481EPSS
Exploits3References5
BDU FSTEC
BDU FSTEC
added 2022/09/09 12:0 a.m.9 views

The vulnerability of the byte_4C0160 function in D-Link DSL-3782 router microprogramming software allows a hacker to enhance their privileges and execute arbitrary commands.

The vulnerability of the byte4C0160 function in D-Link DSL-3782 router microprogramming software is related to insufficient checking of arguments passed to certain CLI commands. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary commands...

5.5CVSS8AI score0.04226EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/15 12:0 a.m.7 views

The vulnerability of the File Server Cache service in the Teamcenter product lifecycle management system allows a hacker to execute arbitrary commands.

The vulnerability of the File Server Cache service in the Teamcenter product lifecycle management system is related to insufficient checking of arguments passed to commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

7.6CVSS8AI score0.01112EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/22 12:0 a.m.9 views

The vulnerability of the “Main” function in TOTOLINK A3000RU router microprogramming software allows a intruder to execute arbitrary commands.

The vulnerability of the “Main” function in TOTOLINK A3000RU router microprogramming systems is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the QUERYSTRING parameter...

10CVSS8.4AI score0.56248EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/02/25 12:0 a.m.10 views

The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 allow a hacker to execute arbitrary commands.

The vulnerability of the DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...

10CVSS8.1AI score0.06573EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/02/25 12:0 a.m.9 views

The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 allow a hacker to execute arbitrary commands.

The vulnerability of the DIR846A1FW100A43.bin and DIR846enFW100A53DLA-Retail.bin microprogramming systems of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands using a...

10CVSS8.1AI score0.33287EPSS
Exploits1References3
Rows per page
Query Builder