Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.16 views

openSUSE 16 Security Update : python-pytest-html (openSUSE-SU-2026:20839-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20839-1 advisory. Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodul...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References3
OSV
OSV
added 2026/05/28 12:20 p.m.10 views

OPENSUSE-SU-2026:20839-1 Security update for python-pytest-html

This update for python-pytest-html fixes the following issues: Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodules...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Debian dsa-6300 : node-shell-quote - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6300 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linux
added 2026/05/27 12:0 a.m.13 views

python311-pytest-html-4.2.0-2.1 on GA media (moderate)

python311-pytest-html-4.2.0-2.1 on GA media Announcement ID: openSUSE-SU-2026:10861-1 Rating: moderate Cross-References: CVE-2026-9277 CVSS scores: CVE-2026-9277 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-9277 SUSE : 9.2...

9.2CVSS5.8AI score0.00848EPSS
Exploits1
Debian
Debian
added 2026/05/26 9:9 p.m.20 views

[SECURITY] [DSA 6300-1] node-shell-quote security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2026 https://www.debian.org/security/faq -...

9.2CVSS5.7AI score0.00848EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/22 3:45 p.m.8 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28725 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)

shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

9.2CVSS5.7AI score0.00848EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/22 3:45 p.m.6 views

org.webjars.npm:github-com-wavesoft-local-echo (=0.2.0), org.webjars.npm:launch-editor (=2.2.1) +2 more potentially affected by CVE-2026-9277 via org.webjars.npm:shell-quote (=1.8.3)

org.webjars.npm:shell-quote MAVEN version =1.8.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:shell-quote and may be impacted: - org.webjars.npm:github-com-wavesoft-local-echo =0.2.0 - org.webjars.npm:launch-editor =2.2.1 -...

9.2CVSS5.4AI score0.00848EPSS
Exploits1
OSV
OSV
added 2026/05/22 2:16 p.m.8 views

DEBIAN-CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References1
OSV
OSV
added 2026/05/22 2:16 p.m.6 views

UBUNTU-CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2026/05/22 1:22 p.m.8 views

CVE-2026-9277 shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS5.9AI score0.00848EPSS
Exploits1References4
Rows per page
Query Builder