14 matches found

OSV
added 2026/03/12 7:41 p.m., 0 views

CVE-2026-32260 Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exists in Deno's node:child_process polyfill in shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...

CVSS 8.1, AI score 6.1, EPSS 0.00119
Exploits 1, References 3
Tenable Nessus
added 2026/01/13 12:00 a.m., 4 views

MiracleLinux 7 : postgresql-9.2.24-9.0.5.el7.AXS7 (AXSA:2025-11539:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11539:05 advisory. CVE-2025-1094: fix potential SQL injections allowed by improper encoding validation in data quoting functions. CVEs: CVE-2025-1094: Improper neutralization...

CVSS 8.1, AI score 8.1, EPSS 0.82364
Exploits 10, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2001-0812

Malware in sbrugna...

CVSS 5.1, AI score 6.4, EPSS 0.00706
Exploits 1, References 7
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2014-2564

Malware in sbrugna...

CVSS 6.8, AI score 6.1, EPSS 0.00925
Exploits 1, References 7
Tenable Nessus
added 2025/05/29 12:00 a.m., 11 views

Amazon Linux 2 : postgresql (ALAS-2025-2866)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2866 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, an...

CVSS 8.1, AI score 8.2, EPSS 0.82364
Exploits 10, References 4
Tenable Nessus
added 2025/03/06 12:00 a.m., 9 views

Amazon Linux 2 : libpq (ALASPOSTGRESQL13-2025-010)

The version of libpq installed on the remote host is prior to 13.20-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2POSTGRESQL13-2025-010 advisory. Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeStrin...

CVSS 8.1, AI score 8.2, EPSS 0.82364
Exploits 10, References 4
CNNVD
added 2025/02/13 12:00 a.m., 3 views

PostgreSQL Security Vulnerability

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standard and provides many other features such as foreign keys, triggers, views, etc. A security vulnerability exists in PostgreSQL. A security vulnerability...

CVSS 8.1, AI score 8.4, EPSS 0.82364
Exploits 10, References 4
RedHat Linux
added 2024/12/16 2:38 a.m., 4 views

virtualenv: potential command injection via virtual environment activation scripts

A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...

CVSS 8.4, AI score 5.7, EPSS 0.00226
Exploits 1, References 7
Veracode
added 2024/06/19 11:10 a.m., 7 views

SQL Injection

zendframework/zendframework is vulnerable to SQL injection. The vulnerability is due to a flaw in the quoteValue and quoteValueList methods of the Zend\Db component, which did not account for all possible escapable characters, leading to improper quoting of values for SQL strings...

AI score 7.9
Exploits 0
Vulnrichment
added 2023/03/22 8:46 p.m., 8 views

CVE-2023-28438 Pimcore vulnerable to improper quoting of filters in Custom Reports

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries, and given that this endpoint uses the GET method with no CSRF protection, an attacker can inject an arbitrary query by...

CVSS 6.2, AI score 8, EPSS 0.00022
Exploits 0, References 3
OSV
added 2018/11/29 11:39 a.m., 7 views

SUSE-SU-2018:3942-1 Security update for postgresql10

This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2018-16850: Fixed improper quoting of transition table names when pg_dump emits CREATE TRIGGER, which could have caused privilege escalation (bsc#1114837). Non-security issues fixed: - Update to release 10.6:...

CVSS 9.8, AI score 9.8, EPSS 0.0125
Exploits 0, References 3
OSV
added 2005/03/02 5:00 a.m., 7 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allow attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

AI score 7.2
Exploits 0, References 12
Tenable Nessus
added 2004/07/31 12:00 a.m., 28 views

Mandrake Linux Security Advisory : kde (MDKSA-2003:004-1)

Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email addresses, and so forth; this da...

CVSS 7.5, AI score 6, EPSS 0.02439
Exploits 0, References 2
NVD
added 2002/12/31 5:00 a.m., 11 views

CVE-2002-2245

ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a digit in response to a STAT command for a filename that contains a carriage return followed by a digit, which can cause firewalls and other intermediary devices to lose proper track of the FTP session...

CVSS 5, AI score 6.7, EPSS 0.00333
Exploits 0, References 1