2599 matches found
CVE-2026-7058
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...
CVE-2026-7058 666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...
CVE-2026-7058 666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...
CVE-2026-7058
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...
EUVD-2026-25728
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...
CVE-2026-28525
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
CVE-2026-41477
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...
CVE-2026-41477
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...
CVE-2026-41477 Deskflow: Local privilege escalation via unauthenticated IPC
Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...
EUVD-2026-25307
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
CVE-2026-28525 SWUpdate Integer Underflow in Multipart Upload Parser
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...
catbyte-toolkit
cb - Binary Analysis Toolkit for macOS/iOS Security Research...
SUSE CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
Chatbox 操作系统命令注入漏洞
Chatbox is a chat software developed by Shafqat Hasan. Versions of Chatbox 1.20.0 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from incorrect handling of the parameters args and env in the file src/main/mcp/ipc-stdio-transport.ts,...
DEBIAN-CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-40227
CVE-2026-40227 affects systemd 260 prior to 261. A local unprivileged user can trigger an assertion via an IPC API call when passing an array or map that contains a null element. The vulnerability leads to a crash (assertion failure) rather than a remote compromise, with impact on availability as...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...
CVE-2026-40227
In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...