17 matches found
EUVD-2026-34218
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
Arbitrary File Upload
Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Arbitrary File Upload in the backup restoration, due to insufficient filtering of configuration files. An attacker with access to create...
CVE-2025-61260
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...
CVE-2025-61260
A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP Model Context Protocol configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...
OpenAI Codex CLI 安全漏洞
OpenAI Codex CLI is a lightweight coding agent software developed by OpenAI and run in the terminal. OpenAI Codex CLI versions prior to v0.23.0 have security vulnerabilities; these vulnerabilities stem from automatically loading malicious MCP configuration files, which may allow arbitrary code to...
Intake 代码注入漏洞
Intake is an open-source Python toolkit for data loading and processing. Versions of Intake prior to 2.0.9 had a code injection vulnerability. This vulnerability stemmed from the automatic expansion of shell syntax during directory parsing, which could lead to the execution of host system command...
Uncontrolled Search Path Element
Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to the insecure default configuration that loads configuration files from the C:\etc directory on Windows systems. An attacker can compromise confidentiality, integrity, and availability by placing...
Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core through Malicious Configuration Files or Environment Variables
Summary ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...
CVE-2024-20430
CVE-2024-20430 affects Cisco Meraki Systems Manager (SM) Agent for Windows. The issue stems from incorrect handling of directory search paths at runtime, enabling an authenticated, local attacker to read and place malicious configuration files and DLLs that are executed when SM launches at startu...
SUSE CVE-2024-41817
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICKCONFIGUREPATH and LDLIBRARYPATH environment variables while executing, which might lead to arbitrary code execution b...
CVE-2023-4487
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...
Path traversal
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...
CVE-2023-4487 GE Digital CIMPLICITY Process Control
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software...
CVE-2023-0598
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...
CVE-2023-0598
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software...
Directory Traversal
spring-cloud-config-client is vulnerable to directory traversal. The attack is possible because it fails to validate the names and labels in environment and resource controller, allowing an attacker to provide malicious configuration files by exploiting the vulnerability...
Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation
Taylor UUCP 1.0.6 - Argument Handling Privilege Escalation source: https://www.securityfocus.com/bid/3312/info Taylor UUCP is an implementation of the UUCP package written originally by Ian Lance Taylor. A problem has been discovered in Taylor UUCP that makes it possible for local users to gain...