39 matches found
PT-2026-50878
Name of the Vulnerable Software and Affected Versions SIMA GmbH Bondix versions prior to 1.25.7.6 Description OS command injection exists in the environment and tunnel configuration functionality on Linux. An authenticated attacker with configuration write access can execute arbitrary...
HCL DFXAnalytics 安全漏洞
HCL DFXAnalytics is a software delivery and operations analytics platform developed by the Indian company HCL. HCL DFXAnalytics has a security vulnerability, which stems from improper error handling. As a result, the application exposes detailed stack traces during responses, allowing attackers t...
CVE-2026-29649
NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg7:4 CBIE/CBCFE/CBZE-related fields is incorrectly masked/updated based on menvcfg7:4, so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to...
CVE-2026-29649
NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg7:4 CBIE/CBCFE/CBZE-related fields is incorrectly masked/updated based on menvcfg7:4, so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to...
SUSE CVE-2026-28279
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
GO-2026-4579 osctrl is Vulnerable to OS Command Injection via Environment Configuration in github.com/jmpsec/osctrl
osctrl is Vulnerable to OS Command Injection via Environment Configuration in github.com/jmpsec/osctrl...
osctrl is Vulnerable to OS Command Injection via Environment Configuration
Summary An OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These commands are embedded into enrollment one-liner scripts...
GHSA-RCHW-322G-F7RM osctrl is Vulnerable to OS Command Injection via Environment Configuration
Summary An OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These commands are embedded into enrollment one-liner scripts...
CVE-2026-28279
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
CVE-2026-28279 `osctrl-admin` Vulnerable to OS Command Injection via Environment Configuration
osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...
PT-2026-22225
Name of the Vulnerable Software and Affected Versions osctrl versions prior to 0.5.0 Description osctrl is a management solution for osquery. A command injection issue exists in the osctrl-admin environment configuration before version 0.5.0. An authenticated administrator can inject arbitrary...
SUSE-SU-2026:0630-1 Security update 5.1.2 for Multi-Linux Manager Client Tools
This update fixes the following issues: dracut-saltboot: - Update to version 1.1.0 Retry DHCP requests up to 3 times bsc1253004 golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization around source building golang-github-boynux-squidexporter: - Update to version 1.13.0...
Security update 5.1.2 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-boynux-squidexporter: Update to version 1.13.0 jscPED-14971 Add support for squid-internal-mgr path for metrics. Update to version 1.12.0 Add...
CVE-2026-23953
Incus CVE-2026-23953 affects versions 6.20.0 and earlier. A user able to launch a container with a crafted YAML can inject newlines via an environment variable, enabling additional lxc.conf items and potentially arbitrary command execution on the host. Exploitation requires modifying the payload ...
CVE-2026-21852 Claude Code Leaks Data via Malicious Environment Configuration Before Trust Confirmation
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirmed trust. An attacker-controlled repository could include a settings file that sets...
CVE-2024-39934
Robotmk before 2.0.1 allows a local user to escalate privileges e.g., to SYSTEM if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment...
PT-2025-47890
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...
EUVD-2022-2593
Malicious code in bioql PyPI...
CVE-2023-24959
IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332...