3515 matches found
PT-2026-3694
Name of the Vulnerable Software and Affected Versions Oracle Agile Product Lifecycle Management for Process version 6.2.4 Description An easily exploitable issue exists in the Product Quality Management component of Oracle Agile Product Lifecycle Management for Process. A low-privileged attacker...
PT-2026-3690
Name of the Vulnerable Software and Affected Versions Oracle Agile PLM version 9.3.6 Description An easily exploitable issue exists in the Oracle Agile PLM product within Oracle Supply Chain, specifically in the User and User Group component. An unauthenticated attacker with network access via HT...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that can be exploited by attackers to weaken the overall security of the application and increase the risk of common web attacks...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to use easy-to-guess passwords, leading to unauthorized access...
CVE-2026-23520
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
CVE-2026-23520
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE
Summary Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to run before or after a container update. The label value is passed directly to /bin/sh -c without sanitizati...
GHSA-GJQQ-6R35-W3R8 Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE
Summary Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to run before or after a container update. The label value is passed directly to /bin/sh -c without sanitizati...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the updater service which supported lifecycle labels. An attacker can execute arbitrary commands by supplying a crafted value to the lifecycle label, which is then passed unsanitized to the shell for execution when...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the updater service which supported lifecycle labels. An attacker can execute arbitrary commands by supplying a crafted value to the lifecycle label, which is then passed unsanitized to the shell for execution when...
EUVD-2026-2738
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
CVE-2026-23520 Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
CVE-2026-23520
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
CVE-2026-23520
Arcane CVE-2026-23520 affects the updater service prior to version 1.13.0. The updater supports lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update, whose values are passed directly to /bin/sh -c without sanitization. Any authenticated u...
CVE-2026-23520 Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
PT-2026-3097
Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.13.0 Description Arcane’s updater service allows defining commands to run before or after container updates using lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and...
[SECURITY] Fedora 43 Update: complyctl-0.1.2-1.fc43
complyctl leverages OSCAL to perform compliance assessment activities, using plugins for each stage of the life-cycle...
Astra Linux – Vulnerability in Chromium
The object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
ROS-20260113-7344
A vulnerability in the Linux operating system kernel is related to improper control of a resource during its lifecycle. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2023-25689
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 24761...