145247 matches found
PT-2026-42893
Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn versions prior to 1.31 Description An OS command injection flaw exists in the webs component. The issue occurs within the formWpsStart function located in the '/goform/formWpsStart' endpoint when processing the pinCode...
MAL-2026-4512 Malicious code in chai-as-repaired (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 949b90bd3c157955d029f9ea08bc32aea893e452c4ded78df98b80c1b831be76 Package name 'chai-as-repaired' is a 1-edit typosquat of the popular 'chai-as-promised' chai plugin 1M weekly downloads. The published code is...
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-23652
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
cve-researcher
cve-researcher AI-powered CVE research in your terminal —...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
EUVD-2026-31512
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
EUVD-2026-31513
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-23652
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
EUVD-2026-31508
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
[SECURITY] [DLA 4597-1] atril security update
Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS Package : atril Version : 1.24.0-1+deb11u2 CVE ID : CVE-2026-46529 It was discovered that atril, a simple multi-page document viewer, is pron...
[SECURITY] [DSA 6292-1] haveged security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6292-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...
[SECURITY] [DLA 4596-1] evince security update
Debian LTS Advisory DLA-4596-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS Package : evince Version : 3.38.2-1+deb11u1 CVE ID : CVE-2026-46529 It was discovered that evince, a simple multi-page document viewer, is...
Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access
CVE-2026-1731 — BeyondTrust Remote Support & PRA Pre-auth RCE...
Exploit for Command Injection in Github Enterprise_Server
CVE-2026-3854 — GitHub Enterprise Server RCE via Push Option I...
CVE-2026-6406 Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
CVE-2026-6406
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
CVE-2026-9255 Tool Execution Without Authorization via Piped Stdin in Kiro CLI
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...