2 matches found
CVE-2026-58459 gpsd gpsprof Command Injection via gnuplot plot title subtype field
gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...
CVE-2026-29974
The CVE-2026-29974 entry affects kosma minmea version 0.3.0, specifically the minmea_scan function. The vulnerability arises because the format specifier copies NMEA field data into a caller-provided buffer without a size parameter, enabling a stack buffer overflow when processing untrusted input...