
24 matches found

CNNVD
added 2026/03/16 12:0 a.m. | 13 views

WordPress plugin NEX-Forms – Ultimate Forms Plugin for WordPress security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 4.3 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 2

EUVD
added 2026/03/12 3:30 p.m. | 8 views

EUVD-2026-11570

melange affected by potential host command execution via license-check YAML mode patch pipeline...

CVSS 10 | AI score 5.9 | EPSS 0.01091
Exploits: 1 | References: 23

SUSE CVE
added 2026/02/07 12:24 a.m. | 4 views

SUSE CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 3

OSV
added 2026/02/05 3:20 a.m. | 4 views

GO-2026-4412 melange affected by potential host command execution via license-check YAML mode patch pipeline in chainguard.dev/melange

melange affected by potential host command execution via license-check YAML mode patch pipeline in chainguard.dev/melange...

CVSS 7.8 | AI score 5.5 | EPSS 0.00175
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/04 7:32 p.m. | 5 views

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 2

CVE
added 2026/02/04 7:32 p.m. | 17 views

CVE-2026-25143

CVE-2026-25143 affects the melange build system. The built-in patch pipeline (pkg/build/pipelines/patch.yaml) accepts patch-related inputs and embeds them into shell scripts without proper quoting or validation, enabling shell metacharacters to escape the intended context. An attacker who can inf...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/02/04 7:32 p.m. | 7 views

EUVD-2026-5371

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 2

OSV
added 2026/02/04 7:32 p.m. | 4 views

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 4

OSV
added 2026/02/04 12:9 a.m. | 2 views

GHSA-RF4G-89H5-CRCR melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/02/04 12:9 a.m. | 10 views

melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/02/04 12:0 a.m. | 6 views

PT-2026-6475

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 5

GitLab Advisory Database
added 2026/02/04 12:0 a.m. | 6 views

melange affected by potential host command execution via license-check YAML mode patch pipeline

An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values (series paths, patch filenames, and numeric parameters) into shell scripts without proper quoting or...

CVSS 7.8 | AI score 6 | EPSS 0.00175
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2021-2837

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.7 | EPSS 0.00848
Exploits: 0 | References: 1

OSV
added 2024/01/16 4:15 p.m. | 4 views

CVE-2022-1609

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site...

CVSS 9.8 | AI score 6.1 | EPSS 0.64321
Exploits: 6 | References: 1

CNNVD
added 2023/05/20 12:0 a.m. | 3 views

WordPress Plugin Groundhogg security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 4.3 | AI score 6.5 | EPSS 0.00528
Exploits: 0 | References: 5

CNVD
added 2022/09/09 12:0 a.m. | 19 views

Google Android Information Disclosure Vulnerability (CNVD-2022-81244)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that originates in ContentService, which allows checking the presence of an established account on the device due to a missing license check. An attacker...

CVSS 5.5 | AI score 5.3 | EPSS 0.00089
Exploits: 0 | References: 1

CNNVD
added 2022/08/12 12:0 a.m. | 4 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that originates in ContentService, which allows checking the presence of an established account on the device due to a missing license check. An attacker...

CVSS 5.5 | AI score 6 | EPSS 0.00089
Exploits: 0 | References: 2

wpexploit
added 2021/10/05 12:0 a.m. | 728 views

MStore API < 3.4.5 - Unauthenticated PHP File Upload

The api/flutterwoo/configfile REST endpoint of the plugin does not have proper authorisation in place, only checking if the plugin has a license, nor enough validation against the config file sent in the request. As a result, unauthenticated users could use such endpoint to upload a PHP file,...

AI score 0.2
Exploits: 0 | References: 1

BDU FSTEC
added 2021/02/25 12:0 a.m. | 6 views

The vulnerability in the Junos operating system’s license-check mechanism allows a perpetrator to execute arbitrary commands with root privileges.

The vulnerability of the Junos operating system’s license-check mechanism is related to the failure to implement measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...

CVSS 7.8 | AI score 7.6 | EPSS 0.00848
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2021/01/15 6:15 p.m. | 2 views

CVE-2021-0218

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. license-check is a daemon used to manage licenses in Junos OS. To update licenses, a user execute...

CVSS 7.8 | AI score 7.2 | EPSS 0.00848
Exploits: 0 | References: 1