Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from logical errors in multiple locations. These vulnerabilities may bypass user interaction when pairing LE devices. This can lead to an...

Radare2 MCP Server 操作系统命令注入漏洞

Radare2 MCP Server is an open-source binary analysis tool based on Radare2 developed by the radare.org community. Versions of Radare2 MCP Server prior to version 1.6.0 contained a vulnerability related to operating system command injection. This vulnerability arises from operating system command...

CVE-2026-30812 Stored Cross-Site Scripting in Event Comments via Filter Bypass

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30312

DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...

CVE-2026-31996

OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags or recursive grep flags. Attackers with command execution access can leverage sort -o flag for...

CVE-2026-3234

A flaw was found in modproxycluster. This vulnerability, a Carriage Return Line Feed CRLF injection in the decodeenc function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoin...

DEBIAN-CVE-2026-25966

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

Incomplete List of Disallowed Inputs

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Incomplete List of Disallowed Inputs

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

set-in Affected by Prototype Pollution

Summary A prototype pollution vulnerability exists in the the npm package set-in =2.0.1. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...

PT-2026-6481

Summary A Prototype Pollution vulnerability exists in the the npm package locutus 2.0.12. Despite a previous fix that attempted to mitigate Prototype Pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.prototype via a crafted input using...

EUVD-2020-0620

Malware in sbrugna...

EUVD-2013-5011

Malware in sbrugna...

CVE-2020-14413

NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta=...

CVE-2013-5171

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration...

GHSA-P92X-R36W-9395 Type confusion in mpath

This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOfpartsi !== -1 returns -1 if partsi is 'proto'. This is because the method that has been called if the input is an array is...

Gitlab CE/EE Input Validation Error Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in Gitlab CE/EE version...

GitLab Resource Management Error Vulnerability (CNVD-2020-03053)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A resource management error vulnerability exists in GitLa...

Design/Logic Flaw

Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content...

CVE-2014-10065

Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content...