12 matches found
CVE-2026-27701 LiveCodes vulnerable to JavaScript Injection via untrusted PR title in i18n-update-pull workflow
LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's i18n-update-pull GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated with the triggering issue comment is interpolated...
CVE-2026-27701
LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's i18n-update-pull GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated with the triggering issue comment is interpolated...
CVE-2026-27701 LiveCodes vulnerable to JavaScript Injection via untrusted PR title in i18n-update-pull workflow
LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's i18n-update-pull GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated with the triggering issue comment is interpolated...
LiveCode 代码注入漏洞
LiveCode is a multi-platform programming tool developed by the LiveCode team. It can run on iOS, Android, OS X, Windows 95 through Windows 10, Raspberry Pi, and various Unix variants including Linux, Solaris, and BSD. LiveCode has a code injection vulnerability. This vulnerability stems from the...
PT-2026-21922
Name of the Vulnerable Software and Affected Versions LiveCode versions prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11 Description LiveCode is an open-source, client-side code playground. The i18n-update-pull GitHub Actions workflow is susceptible to JavaScript injection prior to commit...
EUVD-2020-19424
Malware in sbrugna...
CVE-2020-26894
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
CVE-2020-26894
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
CVE-2020-26894
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
Code injection
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
CVE-2020-26894
LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...
CVE-2020-26894
Affected software: LiveCode v9.6.1 on Windows. Vulnerability: local privilege escalation via a malicious cmd.exe placed in the vulnerable app’s folder; when using LiveCode's shell(), the app may search that folder and execute cmd.exe. Root cause: insecure handling of an external executable in the...