Astra Linux - уязвимость в traceroute

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines...

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

CVE-2026-24516

A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component internal/troubleshooting/actioner/actioner.go processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting...

Moderate: Red Hat Security Advisory: vsftpd security update

An update for vsftpd is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

(Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service, which listens on TCP port 9013 by default...

Moderate: Red Hat Security Advisory: vsftpd security update

An update for vsftpd is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

Moderate: Red Hat Security Advisory: vsftpd security update

An update for vsftpd is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Amazon Linux 2 : vsftpd, --advisory ALAS2-2026-3176 (ALAS-2026-3176)

The version of vsftpd installed on the remote host is prior to 3.0.2-25. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3176 advisory. A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter...

Medium: vsftpd

Issue Overview: A flaw was found in vsftpd. This vulnerability allows a denial of service DoS via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. CVE-2025-14242 Affected Packages:...

Arbitrary Code Injection

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Code Injection via th...

Claude Code 代码注入漏洞

Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.72 contained a code injection vulnerability. This vulnerability stemmed from command parsing errors, which could allow bypassing confirmation prompts and executing...

PT-2026-6466

Due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted commands through the find command. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. Users on standard Claude...

RLSA-2026:0606 Moderate: vsftpd security update

The vsftpd packages include a Very Secure File Transfer Protocol FTP daemon, which is used to serve files over a network. Security Fixes: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing CVE-2025-14242 For more details about the security issues, including the...

vsftpd security update

An update is available for vsftpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The vsftpd packages include a Very Secure File Transfer Protocol FTP daemon,...

vsftpd security update

An update is available for vsftpd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The vsftpd packages include a Very Secure File Transfer Protocol FTP daemon,...

RockyLinux 10 : vsftpd (RLSA-2026:0606)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0606 advisory. vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing CVE-2025-14242 Tenable has extracted the preceding description block...

RLSA-2026:0608 Moderate: vsftpd security update

The vsftpd packages include a Very Secure File Transfer Protocol FTP daemon, which is used to serve files over a network. Security Fixes: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing CVE-2025-14242 For more details about the security issues, including the...

ALSA-2026:0608 Moderate: vsftpd security update

The vsftpd packages include a Very Secure File Transfer Protocol FTP daemon, which is used to serve files over a network. Security Fixes: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing CVE-2025-14242 For more details about the security issues, including the...

RHEL 9 : vsftpd (RHSA-2026:0605)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0605 advisory. The vsftpd packages include a Very Secure File Transfer Protocol FTP daemon, which is used to serve files over a network. Security Fixes: vsftpd:...

ALSA-2026:0605 Moderate: vsftpd security update

The vsftpd packages include a Very Secure File Transfer Protocol FTP daemon, which is used to serve files over a network. Security Fixes: vsftpd: vsftpd: Denial of service via integer overflow in ls command parameter parsing CVE-2025-14242 For more details about the security issues, including the...