CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings
nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...
PT-2026-46295
Name of the Vulnerable Software and Affected Versions: nvm versions prior to 0.40.5. Description: Command injection occurs when the software executes arbitrary commands from version strings provided by a configured Node.js/io.js mirror. When commands like nvm install read available versions from the...
CVE-2018-25356 SIPp 3.6 Local Buffer Overflow via Command-line Arguments
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...
ALSA-2026:19034 Moderate: python-tornado security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
PT-2026-40114
An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...
Critical: Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
An update for cockpit is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
CVE-2026-5991
A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be...
CVE-2026-31994 OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...
OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Summary: OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...
EUVD-2023-0272
Malicious code in bioql PyPI...
Ubuntu 14.04 LTS / 16.04 LTS : cifs-utils vulnerabilities (USN-7688-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7688-1 advisory. Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly...
Linux Distros Unpatched Vulnerability : CVE-2019-9794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This coul...
USN-7688-1 cifs-utils vulnerabilities
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a password. In certain environments, a local attacker could possibly use this issue to escalate privileges. CVE-2020-14342 It was discovered that cifs-utils incorrectly used host credentials when mounting a krb5 CIFS file...
A vulnerability in the NetworkServlet.restoreDatabase() function of Advantech iView, a system for centrally managing network devices and ports, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the NetworkServlet.restoreDatabase() function of the Advantech iView system for centrally managing network devices and ports is related to argument injection or modification. Exploiting this vulnerability could allow an attacker to gain unauthorized...
USN-7603-1 composer vulnerabilities
Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...
Security update for systemd
This update for systemd fixes the following issues: coredump: use %d in kernel core pattern CVE-2025-4598 Revert "macro: terminate the temporary VA_ARGS_FOREACH array with a sentinel" SUSE specific umount: do not move busy network mounts bsc1236177 man/pstore.conf: pstore.conf template is not alway...
A vulnerability in the AT+MNPINGTM software for Microhard IPn4Gii-NA2 and BulletLTE-NA2 industrial routers allows an attacker to escalate privileges.
The vulnerability in the AT+MNPINGTM software for Microhard IPn4Gii-NA2 and BulletLTE-NA2 routers is related to argument injection or modification. Exploiting this vulnerability can allow attackers to escalate privileges...
A vulnerability in the runcmd() function in the router_command.sh script of Quantenna’s Wi-Fi chip firmware allows an attacker to execute arbitrary commands.
The vulnerability in the runcmd() function in the router_command.sh script of Quantenna’s Wi-Fi chip firmware is related to argument injection or modification. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
A vulnerability in the get_file_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s software allows an attacker to execute arbitrary commands.
The vulnerability in the get_file_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s firmware is related to argument injection or modification. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
A vulnerability in the get_syslog_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s software allows an attacker to execute arbitrary commands.
The vulnerability in the get_syslog_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s firmware is related to argument injection or modification. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...