8015 matches found
MAL-2026-6248 Malicious code in jsonschema-viewer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3692022b4caf5ac51d868aaae58e793520ac3bd36703841eb615942baf85bb87 The package's only function — main in src/jsonschemaviewer/main.py, registered as the jsonschema-viewer console script — invokes os.system to fetch a...
CVE-2026-56236 Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...
Astra Linux – Vulnerability in Parsec
The vulnerability of the parsecmdlin function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Wheel
A vulnerability was discovered in Python Packaging Authority PyPA Wheel 0.37.1 and earlier. This vulnerability allows remote attackers to cause a denial of service by using attacker-controlled input to the wheel cli...
Astra Linux – Vulnerability in glibc
The iconv program in the GNU C Library also known as glibc or libc6 version 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNORE along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, resulting in a...
Astra Linux – Vulnerability in librabbitmq
A vulnerability was discovered in the C AMQP client library also known as rabbitmq-c for RabbitMQ in versions up to 0.13.0. credentials can only be entered via the command line e.g., for amqp-publish or amqp-consume, and therefore they are visible to local attackers who can list processes along...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fixed a potential memory overflow issue with staticcommandline. We allocated memory of size ‘xlen + strlenbootcommandline + 1 for staticcommandline. However, the strings copied into staticcommandline were actually fr...
Astra Linux – Vulnerability in rabbitMQ-server
RabbitMQ is a multi-protocol messaging broker. In rabbitMQ-server prior to version 3.8.17, adding a new user through the management UI could result in the user’s banner being displayed in a confirmation message without proper tag sanitization, potentially allowing for JavaScript code execution...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible 2.7.16 and earlier versions, as well as 2.8.8 and earlier, and 2.9.5 and earlier. When a password is set using the “password” argument of the svn module, it is used in the svn command line, thereby exposing it to other users within the same node. An attacker could...
ROOT-APP-MAVEN-CVE-2025-67635 CVE-2025-67635 in io.root.org.jenkins-ci.main:cli - Patched by Root
Root has patched CVE-2025-67635 in the io.root.org.jenkins-ci.main:cli package for Root:Maven. Multiple fixed versions available...
EUVD-2026-37751
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...
CVE-2026-20246 Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...
postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory
A flaw was found in PostgreSQL libpq. A server superuser can exploit a buffer overflow vulnerability in the PQfn function, which is used by client functions such as loexport, loread, lolseek64, and lotell64. This allows the superuser to send an arbitrarily large response, overwriting the client's...
[SECURITY] Fedora 44 Update: 7zip-26.01-1.fc44
7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...
PT-2026-49536
Name of the Vulnerable Software and Affected Versions browserstack-cypress-cli versions prior to 1.36.4 Description The browserstack-cypress-cli allows users to run Cypress tests on BrowserStack. An OS command injection is possible through the cypress config file configuration parameter. In the...
Malicious code in claudechor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4a9cbb36cf7ed82685830b5d3a2b341bff9ef86e2688842d1f54259b2b6fb533 The package's bin entry reads installer-owned Claude credential files /.claude/.credentials.json and /.claude.json — written by Anthropic's official...
CVE-2026-42853
Vulnerability: CVE-2026-42853 affects ApostropheCMS CLI (@apostrophecms/cli) versions up to 3.6.0. Description: command injection in the apos create flow caused by embedding unsanitized password-prompt input directly into a shell command, enabling arbitrary command execution on the host. Root cau...
aetherion
/\ | | | | | |...
CVE-2026-44170 MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...
CVE-2026-44170
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP...