CVE-2026-22188

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

CVE-2024-41129

The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processi...

CVE-2024-39314

toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...

CVE-2023-40685

Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Forc...

CVE-2023-40375

Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580...

CVE-2021-33886

An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as t...

CVE-2022-37923

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVE-2022-37921

Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...

CVE-2020-7284

Exposure of Sensitive Information in McAfee Network Security Management NSM prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface CLI...

CVE-2024-41134

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateway's Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability will result in the ability to execute arbitrary commands as...

CVE-2024-39780

A YAML deserialization vulnerability was found in the Robot Operating System ROS 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load functi...

CVE-2026-22034 Snuffleupagus vulnerable to RCE on instances with upload validation enabled but without the VLD package

Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...

CVE-2026-22034 Snuffleupagus vulnerable to RCE on instances with upload validation enabled but without the VLD package

Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream...

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-1355)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1355 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfcDEBIANBUG: 1123574 CVE-2025-1417...

CVE-2026-22188

Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation. Supplying a larg...

ALPINE-CVE-2026-22184

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz...

Use of Uninitialized Variable

Overview Panda3D is a Panda3D is a framework for 3D rendering and game development for Python and C++ programs. Affected versions of this package are vulnerable to Use of Uninitialized Variable via the deploy-stub process. An attacker can cause the application to crash or exhibit undefined behavi...

Use of Externally-Controlled Format String

Overview Panda3D is a Panda3D is a framework for 3D rendering and game development for Python and C++ programs. Affected versions of this package are vulnerable to Use of Externally-Controlled Format String via the egg-mkfont component. An attacker can access sensitive stack-resident memory and...

CVE-2026-22190 Panda3D <= 1.10.16 egg-mkfont Format String Information Disclosure

The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled format string vulnerability. The -gp glyph pattern command-line option is used directly as the format string for sprintf with only a single argument supplied. If an attacker provides additional format...

CVE-1999-0817

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet...