72 matches found
JLSEC-2026-285
A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH...
CVE-2026-30924
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
CVE-2026-22169
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safeBins configuration that allows attackers to invoke external helpers through the compress-program option. When sort is explicitly added to tools.exec.safeBins, remote attackers can bypass intended safe-bin...
CVE-2026-32010 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...
CVE-2026-32010 OpenClaw < 2026.2.22 - Allowlist Bypass via sort --compress-program Parameter
OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --compress-program flag to execute arbitrary external programs without operator approval in allowlist...
CVE-2026-30924
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
UBUNTU-CVE-2026-30924
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
CVE-2026-30924
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
CVE-2026-30924 qui CORS Misconfiguration: Arbitrary Origins Trusted
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
CVE-2026-30924 qui CORS Misconfiguration: Arbitrary Origins Trusted
qui is a web interface for managing qBittorrent instances. Versions 1.14.1 and below use a permissive CORS policy that reflects arbitrary origins while also returning Access-Control-Allow-Credentials: true, effectively allowing any external webpage to make authenticated requests on behalf of a...
CVE-1999-0817
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet...
EUVD-1999-0798
Malware in sbrugna...
EUVD-2020-15480
Malware in sbrugna...
EUVD-2008-2061
Malware in sbrugna...
EUVD-2022-15621
Malicious code in bioql PyPI...
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
...
Rocky Linux 8 : libXpm (RLSA-2023:0379)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0379 advisory. - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can le...
EulerOS Virtualization 3.0.6.6 : libXpm (EulerOS-SA-2023-2430)
According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...
[SECURITY] [DLA 3459-1] libxpm security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3459-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 20, 2023 https://wiki.debian.org/LTS -...
EulerOS Virtualization 3.0.6.0 : libXpm (EulerOS-SA-2023-2253)
According to the versions of the libXpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called...