65 matches found
CVE-2026-23953
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...
CVE-2026-23953
Incus CVE-2026-23953 affects versions 6.20.0 and earlier. A user able to launch a container with a crafted YAML can inject newlines via an environment variable, enabling additional lxc.conf items and potentially arbitrary command execution on the host. Exploitation requires modifying the payload ...
CVE-2026-23953 Incus container environment configuration newline injection
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...
CVE-2026-23953 Incus container environment configuration newline injection
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...
CVE-2026-23953 Incus container environment configuration newline injection
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...
GHSA-7F67-CRQM-JGH7 Incus container image templating arbitrary host file read and write
Summary A user with the ability to launch a container with a custom image e.g a member of the ‘incus’ group can use directory traversal or symbolic links in the templating functionality to achieve host arbitrary file read, and host arbitrary file write, ultimately resulting in arbitrary command...
Linux Distros Unpatched Vulnerability : CVE-2026-23953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML...
EUVD-2025-25595
Malicious code in bioql PyPI...
SUSE CVE-2025-29366
In mupen64plus v2.6.0 there is an array overflow vulnerability in the writerdramregs and writerdramregs functions, which enables executing arbitrary commands on the host machine...
CVE-2025-29366
An array overflow vulnerability has been discovered in Mupen64Plus, where out-of-bounds writes can overwrite function pointers in the host machine’s memory. This flaw enables a maliciously crafted input to escape the virtualized environment and achieve arbitrary command execution on the host syst...
UBUNTU-CVE-2025-29366
In mupen64plus v2.6.0 there is an array overflow vulnerability in the writerdramregs and writerdramregs functions, which enables executing arbitrary commands on the host machine...
CVE-2021-20037
SonicWall Global VPN Client 4.10.5 installer 32-bit and 64-bit incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier...
Osmedeus Core Engine 安全漏洞
Osmedeus Core Engine is a workflow engine for offensive security by the individual developer Ai Ho. A security vulnerability exists in Osmedeus Core Engine version 4.6.4 and earlier, which stems from improper file content filtering and is vulnerable to cross-site scripting attacks, and may also...
PT-2023-13353 · Rws · Rws Worldserver
Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered in RWS WorldServer where the /clientLogin endpoint deserializes Java objects without authentication, leading to command execution on the host. Recommendations: For...
CVE-2023-38743
Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...
CVE-2023-28365
A backup file vulnerability found in UniFi applications Version 7.3.83 and earlier running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored...
Elastic Kibana 代码注入漏洞
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana versions 8.0.0 through 8.7.0. An attacker could explo...
CVE-2022-2253
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server...
PT-2022-2711 · Cisco · Cisco Iox +2
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operati...
Ansible-Runner 操作系统命令注入漏洞
Ansible-Runner is an open source tool and Python library from Ansible, Inc. It is used to provide assistance when interacting directly with Ansible or as part of another system. Ansible-Runner suffers from an operating system command injection vulnerability that stems from incorrect input...