13 matches found
CVE-2026-39052
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map context) evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...
CVE-2026-39052
CVE-2026-39052 affects Oinone Pamirs 7.0.0. The vulnerability is a code execution flaw where ScriptRunner.run(String expression, String type, Map context) evaluates attacker‑controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions. The root c...
SUSE CVE-2026-44244
GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...
CVE-2026-44244
GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.49, GitConfigParser.set_value passes values to Python's configparser without validating for newlines. GitPython's own write converts embedded newlines into indented continuation lines e.g. \n becomes \n\t, b...
Mozilla Firefox Focus for iOS Security Vulnerability
Mozilla Firefox Focus for iOS is a privacy browser designed specifically for iOS devices by the Mozilla Foundation in the United States. Versions of Mozilla Firefox Focus for iOS prior to 148.2 contained a security vulnerability. This vulnerability allowed malicious scripts to display web content...
CVE-2025-14714 TCC Bypass via Inherited Permissions in Bundled Interpreter
An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. By executing the bundled interpreter directly, the attacker's scripts run with...
EUVD-2007-3564
Malware in sbrugna...
EUVD-2025-21085
Malicious code in bioql PyPI...
SUSE CVE-2025-27614
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking...
Gitk Operating System Command Injection Vulnerability
Gitk is an open source graphical tool that comes with Git for viewing information such as commit history and branch structure of a Git repository. Gitk suffers from an operating system command injection vulnerability that stems from the following: a user who clones the repository can be tricked...
PT-2023-29020 · Unknown · Subrion Cms
Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1. Description: Multiple Cross-Site Scripting (XSS) vulnerabilities in the installation of Subrion CMS allow a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser...
Chamilo LMS Cross-Site Scripting Vulnerability (CNVD-2016-02403)
Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. Chamilo LMS suffers from a cross-site scripting vulnerability that ste...
Juniper Networks Junos J-Web Cross-Site Scripting Vulnerability
Juniper Networks Junos is a Juniper Networks network operating system designed for the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. A cross-site scripting vulnerability exists in Juniper Networks Junos, which arises from the program's...