8008 matches found
ROS-20260524-73-0045
A vulnerability in the Jenkins Automation Server built-in command line interface CLI is related to the dependency of critical actions on reverse DNS resolution. Exploitation of the vulnerability could allow a remote attacker to realize a CSWSH Cross-Site WebSocket Hijacking attack...
MAL-2026-4630 Malicious code in openprompt-lang (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24ccd29557423c05fb49b14b0a9a2e1cfbe5a2b69a1276bc76d287edc46f4ec2 On every npm install, openprompt-lang's postinstall hook scripts/postinstall.js:83 executes npm install -g @opencode/cli 2/dev/null || curl -fsSL...
CVE-2018-25356
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...
CVE-2018-25356 SIPp 3.6 Local Buffer Overflow via Command-line Arguments
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...
CVE-2018-25356
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...
EUVD-2018-21877
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...
CVE-2018-25356 SIPp 3.6 Local Buffer Overflow via Command-line Arguments
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...
CVE-2018-25356
The CVE applies to SIPp 3.6 and earlier, where a local buffer overflow exists in command-line argument handling. The underlying issue is a strcpy overflow in sipp.cpp caused by oversized input to -3pcc, -i, or -log_file parameters. This can allow a local attacker to crash SIPp or potentially exec...
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on...
wpsecscan
WPSecScan !testshttps://github.com/bryanflowers/wpsecscan...
Remote Code Execution (RCE)
9router is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing authentication checks on /api/cli-tools/ and /api/mcp/ endpoints, which allows an attacker to chain unauthenticated API calls and execute arbitrary OS commands remotely...
SIPp 安全漏洞
SIPp is an open-source SIP protocol testing tool and traffic generator developed by SIPp. Versions of SIPp 3.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from local buffer overflows in the handling of command-line parameters, which could allow local attackers to...
cve-researcher
cve-researcher AI-powered CVE research in your terminal —...
CVE-2026-6406
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
EUVD-2026-31471
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...
CVE-2026-9255 Tool Execution Without Authorization via Piped Stdin in Kiro CLI
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...
USN-8295-1: Evince vulnerability
It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code...
USN-8295-1 evince vulnerability
It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code...
Malicious code in codebuff-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdf777f03e4dc44a9956401136a42f099638025ef7d2197dec630525ad26727d The package name codebuff-cli impersonates the legitimate codebuff npm package; the README is copy-pasted from the official CodebuffAI project it eve...
MAL-2026-4497 Malicious code in bingocode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 78f3d873e7c4d16629263bb242a2636f18747d5dd096b614fb3cf43a56d2dc8e The package declares bin.claude pointing at bin/claude-win.cjs and bin/claude on Linux/macOS. After npm i -g bingocode, the claude command on PATH is...