145598 matches found
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-23652
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
cve-researcher
cve-researcher AI-powered CVE research in your terminal —...
CVE-2026-41090
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
EUVD-2026-31512
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
EUVD-2026-31513
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-23652
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
EUVD-2026-31508
Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...
[SECURITY] [DLA 4597-1] atril security update
Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS Package : atril Version : 1.24.0-1+deb11u2 CVE ID : CVE-2026-46529 It was discovered that atril, a simple multi-page document viewer, is pron...
[SECURITY] [DSA 6292-1] haveged security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6292-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...
[SECURITY] [DLA 4596-1] evince security update
Debian LTS Advisory DLA-4596-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS Package : evince Version : 3.38.2-1+deb11u1 CVE ID : CVE-2026-46529 It was discovered that evince, a simple multi-page document viewer, is...
Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access
CVE-2026-1731 — BeyondTrust Remote Support & PRA Pre-auth RCE...
Exploit for Command Injection in Github Enterprise_Server
CVE-2026-3854 — GitHub Enterprise Server RCE via Push Option I...
CVE-2026-6406 Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
CVE-2026-6406
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
CVE-2026-9255 Tool Execution Without Authorization via Piped Stdin in Kiro CLI
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...
EUVD-2026-31471
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...
Arbitrary Command Injection
Overview org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not...