Lucene search
K

6853 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52059

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...

8.8CVSS5.9AI score0.00357EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 7:17 p.m.6 views

CVE-2026-55736

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS0.00152EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:21 p.m.6 views

CVE-2026-55736

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/23 5:20 p.m.34 views

CVE-2026-49402 Deno: Command Injection via spawnSync & spawn on Windows

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e...

8.1CVSS0.00283EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 5:20 p.m.10 views

CVE-2026-49402

Deno is affected by CVE-2026-49402 on Windows when using node:child_process with shell: true. The escapeShellArg() helper failed to properly quote arguments containing cmd.exe metacharacters (e.g., &, |, , ^, !, (, )), and did not neutralize % inside double-quoted strings. This allowed an attacke...

8.1CVSS6.1AI score0.00283EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/06/22 9:16 p.m.10 views

CVE-2026-47242

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 8:19 p.m.24 views

CVE-2026-47242 Net::IMAP: Command Injection via ID command argument

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash argument, although the ID field value strings are correctly quoted escaping quoted specials, they were not validated to prohibit CRLF sequence...

5.8CVSS0.00131EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 8:17 p.m.47 views

CVE-2026-47240

Summary of CVE-2026-47240 (Net::IMAP, Ruby) : The vulnerability affects Net::IMAP’s IMAP client in Ruby, where several commands accept a “raw data” argument that is validated but could still be exploited if a server does not support non-synchronizing literals. In that case, a server may interpret...

5.8CVSS6AI score0.00491EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:11 p.m.4 views

CVE-2026-47241

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS5.9AI score0.00239EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:11 p.m.21 views

CVE-2026-47241 Net::IMAP: Denial of Service via incomplete raw argument validation

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is derived from user-controlled inpu...

2.1CVSS0.00239EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 2:35 p.m.2 views

OPENSUSE-SU-2026:21012-1 Security update for perl-Config-IniFiles

This update for perl-Config-IniFiles fixes the following issue - CVE-2026-11527: OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle bsc1268236...

8.6CVSS5.8AI score0.00618EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 2:27 p.m.2 views

SUSE-SU-2026:22329-1 Security update for perl-Config-IniFiles

This update for perl-Config-IniFiles fixes the following issue - CVE-2026-11527: OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle bsc1268236...

8.6CVSS5.8AI score0.00618EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

RHEL 9 : evince (RHSA-2026:27819)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27819 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files,...

8.4CVSS6AI score0.00529EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/21 9:45 p.m.6 views

CVE-2026-12810

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

6.5CVSS6.4AI score0.01158EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/20 4:43 p.m.33 views

CVE-2026-5366 Git Argument Injection in prefecthq/prefect

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS0.00874EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Fedora 43 : perl-HTTP-Daemon (2026-f276b2154e)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f276b2154e advisory. Changes: 6.17 2026-05-19 23:11:06Z - Fix CVE-2026-8450 affects 6.15 and earlier: 2-arg open in sendfile enabled RCE / arbitrary file write / response-body...

9.1CVSS6.1AI score0.01452EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.8 views

@cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized --workspace Argument

Summary A command injection vulnerability exists in @cyclonedx/cyclonedx-npm when the CLI is invoked with the --workspace option while the environment variable npmexecpath is unset or empty. User‑supplied --workspace values are passed to a subshell without proper sanitization, enabling attackers ...

8.5CVSS6.3AI score0.0016EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/19 2:46 p.m.6 views

Arbitrary Argument Injection

Overview bedrock-agentcore is an An SDK for using Bedrock AgentCore Affected versions of this package are vulnerable to Arbitrary Argument Injection via the installpackages function. An attacker can execute arbitrary commands within the sandboxed environment or redirect package resolution to a...

8.4CVSS6AI score0.00302EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: i740fb: Check the argument of i740calcvclk Since the user can control the arguments of the ioctl function from the user space, special arguments may lead to a divide-by-zero bug. If the user provides an improper...

5.5CVSS6AI score0.00208EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fixed potential integer overflows. The 64-bit argument for the “get DIMM info” SMC call consists of memctrlidx, which is left-shifted by 16 bits and OR-ed with the DIMM index. Since memctrlidx is defined as a 32-b...

5.5CVSS6.2AI score0.00219EPSS
Exploits0References2
Rows per page
Query Builder