Lucene search
K

2599 matches found

NVD
NVD
added 2026/04/26 10:17 p.m.11 views

CVE-2026-7058

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

7.5CVSS0.01338EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/26 7:45 p.m.37 views

CVE-2026-7058 666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

7.5CVSS0.01338EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/26 7:45 p.m.5 views

CVE-2026-7058 666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

7.5CVSS7AI score0.01338EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/26 7:45 p.m.6 views

CVE-2026-7058

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

7.5CVSS5.2AI score0.01338EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/26 7:45 p.m.8 views

EUVD-2026-25728

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

7.5CVSS5.2AI score0.01338EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.5 views

CVE-2026-28525

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

8.2CVSS5.9AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 8:16 p.m.10 views

CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

7.8CVSS0.00218EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 7:50 p.m.5 views

CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

7.8CVSS5.7AI score0.00218EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/24 7:50 p.m.39 views

CVE-2026-41477 Deskflow: Local privilege escalation via unauthenticated IPC

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

7.8CVSS0.00218EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/23 9:31 p.m.6 views

EUVD-2026-25307

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

8.2CVSS6AI score0.00316EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/23 8:59 p.m.37 views

CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

8.2CVSS0.00316EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/14 2:49 p.m.115 views

catbyte-toolkit

cb - Binary Analysis Toolkit for macOS/iOS Security Research...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/13 11:25 p.m.8 views

SUSE CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

6.2CVSS5.8AI score0.00202EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.6 views

Chatbox 操作系统命令注入漏洞

Chatbox is a chat software developed by Shafqat Hasan. Versions of Chatbox 1.20.0 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incorrect handling of the parameters args and env in the file src/main/mcp/ipc-stdio-transport.ts,...

7.5CVSS7.1AI score0.01368EPSS
Exploits0References6
OSV
OSV
added 2026/04/10 4:16 p.m.4 views

DEBIAN-CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

5.5CVSS5.2AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2026/04/10 4:16 p.m.6 views

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

6.2CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 2026/04/10 3:19 p.m.15 views

CVE-2026-40227

CVE-2026-40227 affects systemd 260 prior to 261. A local unprivileged user can trigger an assertion via an IPC API call when passing an array or map that contains a null element. The vulnerability leads to a crash (assertion failure) rather than a remote compromise, with impact on availability as...

6.2CVSS5.8AI score0.00202EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/10 3:19 p.m.2 views

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

6.2CVSS5.8AI score0.00202EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 3:19 p.m.7 views

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

6.2CVSS5.8AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/10 3:19 p.m.30 views

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

6.2CVSS0.00202EPSS
Exploits0References1
Rows per page
Query Builder