IINA 参数注入漏洞

IINA is an open-source modern macOS video player developed by IINA. Versions of IINA prior to 1.4.3 had a parameter injection vulnerability. This vulnerability stemmed from the lack of validation for the mpvoptions/input-commands parameter via the custom URL scheme iina://open. This allowed remot...

PT-2026-42532

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv -prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that...

PT-2026-42646

Impact On POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. is executable then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code an...

Trend Micro Apex One 路径遍历漏洞

Trend Micro Apex One is a terminal protection software developed by Trend Micro, a US-based company. Trend Micro Apex One has a path traversal vulnerability, which originates from the management console. This vulnerability could allow remote attackers to upload malicious code and execute commands...

PT-2026-42412

Name of the Vulnerable Software and Affected Versions Netatalk versions 3.1.4 through 4.4.2 Description A logic error involving bitwise OR operations allows a remote authenticated attacker to perform shell injection, enabling the execution of arbitrary OS commands. Recommendations Update to versi...

F5 Networks BIG-IP : BIG-IP and BIG-IQ privilege escalation vulnerability (K000160971)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160971 advisory. A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker...

GO-2026-4964 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone

Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution in github.com/rclone/rclone. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this ...

Malicious code in @aledan007/tester (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ab03e3eef2f59f358cdaacedf2d9facb12077110c5402ad36aad6e3581e66439 The bundled server file dist/server/index.js contains a hardcoded reference to the attacker-controlled domain https://evil.attacker-example.com...

CVE-2026-46483

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

CVE-2026-9101 Prototype pollution in csv parsing

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

Prototype pollution in csv parsing

Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...

CVE-2026-20206

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

EUVD-2026-31136

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

CVE-2026-20206

The CVE relates to Cisco ThousandEyes Enterprise Agent’s BrowserBot component. A vulnerability caused by insufficient input validation of user-supplied command arguments could let an authenticated, remote attacker execute arbitrary commands inside the BrowserBot container as the node user, by exp...

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the server-side template rendering mechanism used by the gadget handler. An attacker can execute arbitrary commands,...

Malicious code in stripe-internal-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6add7fd3034c5b0d00e39e2cbfeb7c664085ef412612b53ebe9fd81767449be package.json declares a postinstall hook that auto-fires on npm install and performs reconnaissance + exfiltration against the installer. The inline...

Malicious code in lynx-keeper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc28f02ae68bf5a1a57af8662180d7a8a040e6f32ad87abde9acdae508070189 On require, dist/index.js executes a hex-obfuscated harvester that reads /.aws/credentials, /.aws/config, /.ssh/idrsa, /.ssh/ided25519, /.ssh/config,...

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

Introduction ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a standalone command-line application and as a library that can be embedded in other software. In this article, we break down CVE-2026-3102, an ExifToo...

SUSE-SU-2026:2019-1 Security update for cockpit

This update for cockpit fixes the following issues - CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user bsc1256521. - CVE-2026-4802: remote command execution via unsanitized...

Security update for cockpit

This update for cockpit fixes the following issues CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user bsc1256521. CVE-2026-4802: remote command execution via unsanitized...