7971 matches found
CVE-2026-31156
A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...
Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
Summary On Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. This is not caused by a caller passing attacker-controlled arguments into networkInterfaces. The vulnerable value is...
CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...
CVE-2026-42290 protobufjs-cli: OS Command Injection
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...
CVE-2026-42290
protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...
jq: Stack overflow via unbounded recursion in jv_contains
...
cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names
A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...
PT-2026-40634
Name of the Vulnerable Software and Affected Versions OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a Description A path injection issue exists in the binary program compiled from glue generator.cpp. The software fails to validate file path parameters passed via the command line, specifically...
CVE-2026-31156
A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...
OpenPLC 安全漏洞
OpenPLC is an open-source, programmable logic controller developed by Thiago Alves. It provides low-cost industrial solutions for automation and research purposes. OpenPLC has a security vulnerability, which stems from the binary program compiled from gluegenerator.cpp not verifying the file path...
GitHub Copilot CLI 安全漏洞
GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI prior to version 1.0.43 contained a security vulnerability. This vulnerability stemmed from malicious bare git repositories nested within project directories. When the agent performed...
vercel 信息泄露漏洞
Vercel is an open-source cloud platform for application development and deployment. Versions of Vercel from 50.16.0 to 52.0.0 have a vulnerability related to information leakage. This vulnerability arises when commands that cannot be executed autonomously are run in non-interactive mode. If...
CVE-2026-31156
CVE-2026-31156 describes a path-injection flaw in OpenPLC v3 arising from glue_generator.cpp not validating file path arguments passed on the command line. User-supplied paths are handed directly to file APIs (fopen/ifstream/ofstream), enabling an attacker to read arbitrary readable files. Public...
CVE-2026-31156
A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...
CVE-2026-31156
A path injection vulnerability exists in OpenPLC v3 2c82b0e79c53f8c1f1458eee15fec173400d6e1a as the binary program compiled from gluegenerator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...
Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS software enable an authenticated administrator t...
cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names
A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...
cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names
A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...
cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names
A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...
EUVD-2026-29807
Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...