15 matches found
cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names
A flaw was found in the Go programming language (golang) and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG (Simplified Wrapper and Interface Generator) file names that contain "cgo" and specific payloads. This could lead to code...
CVE-2026-7220
The CVE-2026-7220 entry concerns jackwrichards FastlyMCP (fastly_cli Tool) up to commit 6f3d0b0e654fc51076badc7fa16c03c461f95620, affecting fastly-mcp.mjs. The vulnerability arises from manipulation of the command argument, enabling an OS command injection. It can be exploited remotely, and the e...
ALSA-2026:5941 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731); net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679). For more details about the security issues, including...
CVE-2026-25105
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
CVE-2026-25105 Copeland XWEB and XWEB Pro OS Command Injection
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route...
PT-2026-22276
Name of the Vulnerable Software and Affected Versions: XWEB Pro versions prior to 1.12.1. Description: A flaw exists that allows a logged-in attacker to execute code remotely on a system. This is achieved by injecting malicious input into parameters of the Modbus command tool within a debug route. T...
CVE-2025-65807
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command...
GHSA-4C65-9GQF-4W8H Cybersecurity AI (CAI) vulnerable to Command Injection in run_ssh_command_with_credentials Agent tool
Summary: A command injection vulnerability is present in the function tool run_ssh_command_with_credentials available to AI agents. Details: This is the source code of the function tool run_ssh_command_with_credentials: @function_tool def run_ssh_command_with_credentials(host: str, username: str,...
MAL-2025-146149 Malicious code in phoebe-dotenv-parse-variables-command-tool (npm)
Source: amazon-inspector ece3d0a3c92e4d2ae8824dc2f384b219324b821124e6158568921eabf59b6ec8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-123772
Malicious code in phoebe-dotenv-parse-variables-command-tool (npm)...
EUVD-2023-2612
Malicious code in bioql (PyPI)...
Unexpected command execution in untrusted VCS repositories in cmd/go
...
cmd/go security vulnerability
Google Go cmd/go is a codebase that provides command support for the Go language from Google, Inc. in the United States. A security vulnerability exists in cmd/go in Go prior to 1.16.14 and 1.17.x prior to 1.17.7, which may incorrectly interpret branch names as version markers...
Fedora Update for curl FEDORA-2013-2098
Check for the Version of curl. OpenVAS Vulnerability Test: Fedora Update for curl FEDORA-2013-2098. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
[SECURITY] [DSA-002-1] fsh symlink attack
Package: fsh; Problem type: symlink attack; Debian-specific: no. Colin Phipps found an interesting symlink attack problem in fsh (a tool to quickly run remote commands over rsh/ssh/lsh). When fshd starts it creates a directory in /tmp to hold its sockets. It tries to do that securely by checking of ...