CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

Shescape has potential environment variable exposure on Windows with CMD

Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...

GHSA-66PP-5P9W-Q87J Shescape has potential environment variable exposure on Windows with CMD

Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...

CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVE-2025-30222

Shescape vulnerability (CVE-2025-30222) affects versions 1.7.2–2.1.1 of the JavaScript shell-escape library. On Windows, when shell: 'cmd.exe' or shell: true is configured and any of quote/quoteAll/escape/escapeAll is used, an attacker may gain read-only access to environment variables due to env...

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

UBUNTU-CVE-2025-2361

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has be...

CVE-2025-2361

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has be...

PT-2025-11389 · Unknown +3 · Mercurial Scm +3

Name of the Vulnerable Software and Affected Versions: Mercurial SCM version 4.5.3 Description: A vulnerability was found in the Web Interface component of Mercurial SCM, where the manipulation of the cmd argument leads to cross-site scripting. The attack can be initiated remotely. Recommendation...

Linux Distros Unpatched Vulnerability : CVE-2022-48848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Do not unregister events twice Nicolas reported that using: trace-cmd recor...

Linux Distros Unpatched Vulnerability : CVE-2024-46689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region...

CVE-2024-45340

A flaw was found in cmd/go. This vulnerability allows a malicious server to obtain credentials for unintended domains via improper segmentation of credentials by domain. By default, this issue primarily affects credentials stored in the user's .netrc file...

The vulnerability of the target_completecmd function in the target_core_transport.c component of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the targetcompletecmd function in the targetcoretransport.c component of the Linux operating system is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2024-38325

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

MAL-2025-360 Malicious code in arcus-cmd-utils (npm)

This package executes a base64-encoded script to download an Electron-based infostealer binary, aimed at exfiltrating cryptocurrency wallets, credentials, and other sensitive data. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...

Malicious code in arcus-cmd-utils (npm)

This package executes a base64-encoded script to download an Electron-based infostealer binary, aimed at exfiltrating cryptocurrency wallets, credentials, and other sensitive data. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the improper completion of ent-slotted when cmdallocindex fails in the net/mlx5 module.This could result in...

UBUNTU-CVE-2024-56700

In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmcsendcmd Atomicity violation occurs when the fmcsendcmd function is executed simultaneously with the modification of the fmdev-respskb value. Consider a scenario where, after passing th...