GHSA-M3C4-PRHW-MRX6 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Summary A prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and therefore can be bypassed when the extension uses alternate casing for...

MiracleLinux 4 : ipa-3.0.0-26.2.0.1.AXS4 (AXSA:2013-421:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-421:02 advisory. IPA is an integrated solution to provide centrally managed Identity machine, user, virtual machines, groups, authentication credentials, Policy configuration...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001522)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001522 advisory. An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operatio...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000778)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000778 advisory. The nfnetlinkrcvbatch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, whi...

CVE-2026-22864

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...

CVE-2026-22864 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...

CVE-2026-22864

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...

CVE-2026-22864

CVE-2026-22864 affects Deno before version 2.5.6. The patch intended to block spawning Windows batch/shell files checked the extension against lowercase .bat/.cmd using a case-sensitive comparison, which can be bypassed by alternate casing (e.g., .BAT/.Bat). This results in a case-insensitive-lik...

CVE-2026-22864 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...

CVE-2026-22864 Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...

CVE-2026-22864

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path’s extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...

PT-2026-3146

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.5.6 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. A previous attempt to prevent the execution of Windows batch and shell files by checking file extensions .bat or .cmd was ineffective due to a...

org.iplass:iplass-admin (>=4.0.0 <=4.0.20), org.iplass:iplass-gem (>=4.0.0 <=4.0.20) +7 more potentially affected by CVE-2025-15056 via org.webjars.npm:quill (>=2.0.0-rc.2 <=2.0.2)

org.webjars.npm:quill MAVEN version =2.0.0-rc.2, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =2.10.2, =2.10.3-ssr.3 Source cves: CVE-2025-15056 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14927398...

CVE-2022-23115

Cross-site request forgery CSRF vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task...

CVE-1999-0337

AIX batch queue bsh allows local and remote users to gain additional privileges when network printing is enabled...

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

Bash Command Examples Batch Scanning python teamcit...

Exploit for CVE-2025-68926

PoC Usage Instructions Single-target Detection python...

Exploit for CVE-2024-25600

🧱 BrickBreaker !Pythonhttps://img.shields.io/badge/Pytho...

PT-2026-26583

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the netfilter subsystem related to nf tables. During transaction processing, multiple catchall elements may exist, including one active and one...

This Year in Spring – December 30th, 2025

Hi, Spring fans! Can you believe it? It's already the 30th of December! I celebrated Christmas with my family in Los Angeles, then we jumped on a flight headed for Southeast Asia to ring in the New Year with more friends and family. I'm sitting at a café in the sweltering city of Kuala Lumpur,...