Lucene search
+L

134 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-47767

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsing on empty$GET, but parsestr and the web SAPI can disagree, allowing a crafted query string to...

9.8CVSS0.00386EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-47767 Symfony: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsing on empty$GET, but parsestr and the web SAPI can disagree, allowing a crafted query string to...

8.3CVSS0.00386EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 4:5 p.m.10 views

GHSA-MHQ8-78PJ-5J79 OpenClaw's POSIX node system.run safe-bin allowlist could be widened by shell expansion

Summary On POSIX nodes, OpenClaw's system.run safe-bin checks could approve a command before shell expansion changed how the command was interpreted. A value that appeared to be a safe-bin argument could expand into additional shell words and become a file operand. This issue is limited to paired...

7.1CVSS6.1AI score0.00191EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 3:57 p.m.7 views

GHSA-2J8V-HWGC-X698 OpenClaw: Shell wrapper argv could change between approval and execution

Summary Shell wrapper argv could change between approval and execution. In affected versions, a command request using a shell wrapper form could approve one resolved argv shape and rebuild another for execution. This advisory is scoped to the named feature and configuration. It does not change...

8.7CVSS6AI score0.00982EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 5:50 p.m.9 views

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2026/06/25 6:0 a.m.5 views

evince security update

An update is available for evince. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The evince packages provide a simple multi-page document viewer for Portable...

8.4CVSS5.9AI score0.00529EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

AlmaLinux 8 : evince (ALSA-2026:28998)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28998 advisory. atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen CVE-2026-46529 Tenable has extracted the preceding...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 12:0 a.m.6 views

ALSA-2026:28998 Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.11 views

Malicious code in @tinyfox/shapecheck (npm)

@tinyfox/shapecheck malicious version 0.8.7, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
OSV
OSV
added 2026/06/22 12:0 p.m.18 views

MAL-2026-6312 Malicious code in @tinyfox/shapecheck (npm)

@tinyfox/shapecheck malicious version 0.8.7, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern...

5.9AI score
Exploits0References7
AlmaLinux
AlmaLinux
added 2026/06/22 12:0 a.m.5 views

Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

8.4CVSS5.8AI score0.00529EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/10 7:46 p.m.44 views

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS0.00529EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/10 7:46 p.m.11 views

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.4AI score0.00529EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/09 9:58 p.m.4 views

Interpretation Conflict

Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sending specially crafte...

9.8CVSS5.8AI score0.00386EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:17 p.m.8 views

UBUNTU-CVE-2026-46023

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/26 12:0 a.m.13 views

EUVD-2026-31843

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

6AI score0.01645EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/26 12:0 a.m.12 views

EUVD-2026-31949

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

8.1CVSS5.9AI score0.0107EPSS
Exploits0References3
OSV
OSV
added 2026/05/26 12:0 a.m.2 views

CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

8.1CVSS6.1AI score0.0107EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for PHP. Users who publish a composer.phar file to a publicly accessible web server where the file can be executed as a PHP file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22, an...

8.8CVSS8.6AI score0.0139EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: fixed a possible memory leak in smb2lock. argv needs to be freed when setupasyncwork fails, or when the current process is awakened...

5.3AI score0.00156EPSS
Exploits0References2
Rows per page
Query Builder