Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CVE
CVEadded yesterday5 views

CVE-2026-49402

Deno is affected by CVE-2026-49402 on Windows when using node:child_process with shell: true. The escapeShellArg() helper failed to properly quote arguments containing cmd.exe metacharacters (e.g., &, |, , ^, !, (, )), and did not neutralize % inside double-quoted strings. This allowed an attacke...

8.1CVSS6.1AI score0.00094EPSS
Exploits0References1
Cvelist
Cvelistadded yesterday11 views

CVE-2026-49402 Deno: Command Injection via spawnSync & spawn on Windows

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e...

8.1CVSS0.00094EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/06/16 7:7 p.m.13 views

Deno: Command Injection via spawnSync & spawn on Windows

Summary Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.exe metacharacters such as &, |, , ^, !, , , and did not neutralize %...

9.8CVSS5.8AI score0.02213EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/16 12:0 a.m.7 views

PT-2026-50146

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.7.10 Description In the node:child process implementation on Windows, the escapeShellArg helper function fails to properly quote arguments containing cmd.exe metacharacters such as &, |, , ^, !, , and and does not...

8.1CVSS6.2AI score0.00094EPSS
Exploits0References4
NVD
NVDadded 2021/07/22 7:15 p.m.16 views

CVE-2021-3540

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0...

9CVSS0.03307EPSS
Exploits1References1
Packet Storm
Packet Stormadded 2019/07/31 12:0 a.m.207 views

D-Link 6600-AP XSS / DoS / Information Disclosure

Security Advisory - 22/07/2019 Multiple vulnerabilities found in the D-Link 6600-AP device running the latest firmware version 4.2.0.14. D-Link 6600-AP is not produced anymore but the support is still provided by D-Link as per described on the D-Link website. Not that this product is built for...

5.8AI score0.01954EPSS
Exploits8
Packet Storm
Packet Stormadded 2004/06/07 12:0 a.m.31 views

phpEscape.txt

SEC-CONSULT Security Advisory - PHP: Hypertext Preprocessor Vendor: PHP http://www.php.net Product: PHP 4.3.6 and below verified in 4.3.5 which was current when the bug was discovered Vendor status: vendor contacted 04-04-2004 Patch status: Problem fixed in 4.3.7 =========== DESCRIPTION =========...

Exploits0
Rows per page
Query Builder