CVE-2026-9279 Shell command injection in Logseq

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...

CVE-2026-9279 Shell command injection in Logseq

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...

CVE-2026-9279

Logseq contains an IPC handler that lets the renderer execute shell commands. Although an allowlist restricts the command name (e.g., git, pandoc, grep), the argument string is concatenated with the command and passed to child_process.spawn with shell: true, allowing shell metacharacters to bypas...

Google Pixel security vulnerabilities

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability, which stems from improper input validation in the cpm/google/lib/tracepoint/cpmfwtpipc.c file, specifically in the cpmfwtpmsghandler function. This vulnerability may lead to an increase in loca...

CVE-2024-32930

In pluginipchandler of slcplugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

Google Pixel Security Breach

Google Pixel is a smartphone from Google, Inc USA. A security vulnerability exists in Google Pixel, which stems from the presence of uninitialized data in the pluginipchandler module of slcplugin.c, which may allow for information disclosure...