36 matches found

Snyk
added 4 days ago, 1 view

Malicious Package

Overview: @cloudplatform-single-spa/edge-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8 CVSS, 5.9 AI score
Exploits 0, References 2
Snyk
added 4 days ago, 1 view

Malicious Package

Overview: @cloudplatform-single-spa/svp-vdi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8 CVSS, 5.9 AI score
Exploits 0, References 2
CVE
added 2026/03/20 10:4 a.m., 23 views

CVE-2026-25792

Greenshot

6.5 CVSS, 6.6 AI score, 0.00018 EPSS
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2026/01/08 12:10 a.m., 1 view

CVE-2026-22035 Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format to insert user-controlled filenames directly into she...

7.7 CVSS, 7.5 AI score, 0.00053 EPSS
Exploits 1, References 3
Cvelist
added 2026/01/08 12:10 a.m., 25 views

CVE-2026-22035 Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin

Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename processing. The FormatArguments method in ExternalCommandDestination.cs:269 uses string.Format to insert user-controlled filenames directly into she...

7.7 CVSS, 0.00053 EPSS
Exploits 1, References 3
AlpineLinux
added 2025/12/02 9:49 p.m., 3 views

CVE-2025-66476

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

7.8 CVSS, 7.4 AI score, 0.00023 EPSS
Exploits 0, References 4
Positive Technologies
added 2025/12/02 12:0 a.m., 2 views

PT-2025-48785

Name of the Vulnerable Software and Affected Versions: Vim for Windows versions prior to 9.1.1947 Description: Vim is a command line text editor. A flaw exists in Vim for Windows due to an uncontrolled search path issue. When using cmd.exe as a shell, Vim resolves external commands by searching the...

7.8 CVSS, 7.9 AI score, 0.00023 EPSS
Exploits 0, References 20
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-3974

Malware in sbrugna...

7.2 CVSS, 7 AI score, 0.00223 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/05/22 10:32 a.m., 5 views

CVE-2019-14451

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...

10 CVSS, 7.9 AI score, 0.47493 EPSS
Exploits 0, References 1
CVE
added 2024/04/10 12:0 a.m., 7220 views

CVE-2024-30729

This CVE entry is rejected/not used and does not represent an active vulnerability entry.

6.7 AI score
Exploits 0
CVE
added 2024/04/10 12:0 a.m., 66 views

CVE-2024-29444

This CVE entry is rejected/not used and does not represent an active vulnerability.

6.7 AI score
Exploits 0
Positive Technologies
added 2024/04/09 12:0 a.m., 2 views

PT-2024-23575 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions 2 Description: A remote code execution issue exists due to an OS command injection vulnerability in the command processing or system call components of ROS2, including External Command Execution Modules, Syst...

9.3 AI score
Exploits 0, References 2
CVE
added 2024/04/08 12:0 a.m., 7074 views

CVE-2024-30665

CVE-2024-30665 has been withdrawn; the initial entry states “Rejected reason: DO NOT USE THIS CANDIDATE NUMBER” and notes no evidence of a vulnerability. Connected sources (NVD, CNNVD) repeat that this candidate was withdrawn/not applicable. The PT security entry about ROS Melodic Morenia and rel...

6.7 AI score
Exploits 0
Positive Technologies
added 2024/04/08 12:0 a.m., 2 views

PT-2024-23552 · Unknown · Ros Melodic Morenia

Name of the Vulnerable Software and Affected Versions: ROS Robot Operating System Melodic Morenia versions 1 Description: An OS command injection issue has been discovered, primarily affecting command processing and system call components. This makes them susceptible to manipulation by malicious...

8.6 AI score
Exploits 0, References 3
Positive Technologies
added 2024/03/21 12:0 a.m., 2 views

PT-2024-22901 · Ros2 · Ros2

Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 Humble Hawksbill versions 2 Description: A command injection issue has been found, allowing remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via External Command...

8.7 AI score
Exploits 0, References 3
UbuntuCve
added 2023/02/20 11:15 p.m., 22 views

CVE-2022-48338

An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called throug...

7.3 CVSS, 7 AI score, 0.00142 EPSS
Exploits 0, References 2
SUSE CVE
added 2023/02/15 5:47 a.m., 1 view

SUSE CVE-2012-2240

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."...

7.5 CVSS, 7.8 AI score, 0.00975 EPSS
Exploits 0, References 2
Fedora
added 2022/07/30 2:0 a.m., 16 views

[SECURITY] Fedora 36 Update: golang-github-tdewolff-minify-2.11.10-4.fc36

Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file such as whitespace without changing its output and therefore shrinking its size and...

7.3 AI score
Exploits 0
Fedora
added 2022/07/04 1:35 a.m., 16 views

[SECURITY] Fedora 36 Update: golang-github-tdewolff-minify-2.11.10-3.fc36

Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file such as whitespace without changing its output and therefore shrinking its size and...

9.3 CVSS, 8.1 AI score, 0.00963 EPSS
Exploits 4
Prion
added 2022/06/14 10:15 a.m., 13 views

Buffer overflow

Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

7.2 CVSS, 8 AI score, 0.00098 EPSS
Exploits 0, References 1