SUSE CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

PT-2026-46090

Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...

CVE-2026-44654

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

CVE-2026-44654 LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

CVE-2026-10175

A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editorcoder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has bee...

CVE-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

CVE-2026-7299

Appsmith CVE-2026-7299 affects the SQL query editor autocomplete renderer, where unsanitized database object names rendered into innerHTML enable persistent XSS by a developer with access. This can execute arbitrary JavaScript in other workspace members’ sessions when interacting with the same da...

CVE-2026-7299 CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...

[SECURITY] Fedora 43 Update: vim-9.2.530-1.fc43

VIM VIsual editor iMproved is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more...

PT-2026-45788

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The SQL query editor's autocomplete functionality fails to sanitize database object names before rendering them using innerHTML. This allows an authenticated Developer with access to a shared PostgreS...

CVE-2024-52011

A flaw was found in launch-editor, a tool that allows users to open files with line numbers in an editor from Node.js. Due to insufficient sanitization of the file argument in the launchEditor function, an attacker can execute arbitrary commands on Windows systems by supplying a filename that...

CVE-2024-52011

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

CVE-2024-52011

The CVE affects the launch-editor component used with Node.js in vite prior to version 2.9.0, where insufficient sanitization of the file argument in launchEditor allowed an attacker to execute arbitrary commands on Windows by supplying a filename with special characters. The issue is resolved in...

CVE-2024-52011 launch-editor vulnerable to command injection via the crafted request on Windows

launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters...

Advisory ROSA-SA-2026-3297

CVE-ID: CVE-2024-41817 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: The vulnerability in the AppImage version of ImageMagick relates to the use of an empty path during the installation of environment variables MAGICKCONFIGUREPATH and LDLIBRARYPATH. This allows attackers to execute arbitrary code by...

PT-2026-45495

Name of the Vulnerable Software and Affected Versions launch-editor versions prior to 2.9.0 vite versions prior to 5.4.9 Description Insufficient sanitization of the file argument in the launchEditor function allows an attacker to execute arbitrary commands on Windows systems by providing a...

MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...