CVE-2025-29659

CVE-2025-29659 affects Yi IOT XY-3820, version 6.0.24.10. The vulnerability is a Remote Command Execution via the cmd_listen function in the cmd binary, with network access and no user interaction required (CVSS v3.1: 9.8, Critical). The reports do not specify a fixed version; a workaround sugges...

The vulnerability of the `ovs_vport_cmd_fill_info()` function in the `net/openvswitch/datapath.c` module, which is part of the Open vSwitch router support in the Linux operating system, allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the ovsvportcmdfillinfo function in the net/openvswitch/datapath.c module, which is part of the Open vSwitch router support in the Linux operating system, relates to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to...

CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

GHSA-66PP-5P9W-Q87J Shescape has potential environment variable exposure on Windows with CMD

Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...

Shescape has potential environment variable exposure on Windows with CMD

Impact This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of quote/quoteAll/escape/escapeAll. An attacker may be able to get read-only access to environment variables. Example: javascript import as cp from "node:childprocess"; import...

CVE-2025-30222

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVE-2025-30222

Shescape vulnerability (CVE-2025-30222) affects versions 1.7.2–2.1.1 of the JavaScript shell-escape library. On Windows, when shell: 'cmd.exe' or shell: true is configured and any of quote/quoteAll/escape/escapeAll is used, an attacker may gain read-only access to environment variables due to env...

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

CVE-2025-30222 Shescape has potential environment variable exposure on Windows with CMD

Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure shell: 'cmd.exe' or shell: true using any of...

UBUNTU-CVE-2025-2361

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has be...

CVE-2025-2361

A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has be...

PT-2025-11389 · Unknown +3 · Mercurial Scm +3

Name of the Vulnerable Software and Affected Versions: Mercurial SCM version 4.5.3 Description: A vulnerability was found in the Web Interface component of Mercurial SCM, where the manipulation of the cmd argument leads to cross-site scripting. The attack can be initiated remotely. Recommendation...

Linux Distros Unpatched Vulnerability : CVE-2022-48848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Do not unregister events twice Nicolas reported that using: trace-cmd recor...

Linux Distros Unpatched Vulnerability : CVE-2024-46689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region...

CVE-2024-45340

A flaw was found in cmd/go. This vulnerability allows a malicious server to obtain credentials for unintended domains via improper segmentation of credentials by domain. By default, this issue primarily affects credentials stored in the user's .netrc file...

The vulnerability of the target_completecmd function in the target_core_transport.c component of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the targetcompletecmd function in the targetcoretransport.c component of the Linux operating system is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2024-38325

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI could allow a remote attacker to obtain sensitive information, caused by sending network requests over an insecure channel. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle...

Malicious code in arcus-cmd-utils (npm)

This package executes a base64-encoded script to download an Electron-based infostealer binary, aimed at exfiltrating cryptocurrency wallets, credentials, and other sensitive data. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...

MAL-2025-360 Malicious code in arcus-cmd-utils (npm)

This package executes a base64-encoded script to download an Electron-based infostealer binary, aimed at exfiltrating cryptocurrency wallets, credentials, and other sensitive data. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...