100 matches found
MAL-2026-5794 Malicious code in neural-network-scan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898c75e5a6ae94d115820736ffd2ca4cb948f72655d5c0175a3432cec835768c The package ships a collect.js script that imports childprocess and performs an HTTP POST carrying host identifiers hostname referenced multiple time...
CVE-2026-32260
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
CVE-2026-32260 Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...
SUSE CVE-2026-27190
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...
CVE-2026-27190
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...
CVE-2026-27190
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...
CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...
CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...
CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:childprocess implementation. This vulnerability is fixed in 2.6.8...
EUVD-2021-0846
Malware in sbrugna...
EUVD-2021-1230
Malware in sbrugna...
EUVD-2021-0697
Malware in sbrugna...
EUVD-2021-0733
Malware in sbrugna...
EUVD-2023-1412
Malicious code in bioql PyPI...
EUVD-2023-31584
Malicious code in bioql PyPI...
EUVD-2024-35895
Malicious code in bioql PyPI...
CVE-2023-27849
rails-routes-to-json v1.0.0 was discovered to contain a remote code execution RCE vulnerability via the childprocess function...
CVE-2021-33360
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, childprocess, and/or filePath parameters...
OS Command Execution
HFS is vulnerable to OS Command Execution. The vulnerability is due to using execSync instead of spawnSync in a childprocess to execute the df shell command, which allows an attacker to execute OS commands remotely via the file upload feature...
Node.js 18.x < 18.20.2 / 20.x < 20.12.2 / 21.x < 21.7.3 Multiple Vulnerabilities (Wednesday, April 10, 2024 Security Releases).
The version of Node.js installed on the remote host is prior to 18.20.2, 20.12.2, 21.7.3. It is, therefore, affected by multiple vulnerabilities as referenced in the Wednesday, April 10, 2024 Security Releases advisory. - Due to the improper handling of batch files in childprocess.spawn /...