105 matches found
CVE-2026-10661
A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10661
A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...
CVE-2026-10661 ahujasid blender-mcp server.py open injection
A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...
PT-2026-45866
Name of the Vulnerable Software and Affected Versions ahujasid blender-mcp versions prior to 5b37be25242e73dc4cf1328974d30458b9e5d67e Description An injection issue exists in the Open function within the src/blender mcp/server.py file. This occurs when the input image url argument is manipulated,...
MGASA-2026-0138 Updated awstats packages fix security vulnerability
AWStats is vulnerable to Command Injection via the open function. CVE-2025-63261...
CVE-2026-43378
A flaw was found in the Linux kernel. Specifically, within the Server Message Block SMB server component, a use-after-free vulnerability exists in the smb2open function. This issue arises when an opinfo pointer is accessed after its memory has been deallocated, creating a window for potential...
CVE-2026-31583
The CVE-2026-31583 issue affects the Linux kernel em28xx media driver. A race in em28xx_v4l2_open() occurs because dev->v4l2 is read without holding dev->lock, racing with em28xx_v4l2_init()/em28xx_v4l2_fini() that free the structure and set dev->v4l2 to NULL under lock. This leads to us...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
CVE-2026-34792
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logsclamav.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open call, which allows command injection due to an incomplete...
can: mcp251x: fix deadlock in error path of mcp251x_open
...
EUVD-2025-208911
AWStats 8.0 is vulnerable to Command Injection via the open function...
DEBIAN-CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function...
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function...
UBUNTU-CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function...
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function...
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function...
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function...
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function...
CVE-2025-63261
AWStats 8.0 is vulnerable to Command Injection via the open function...