CVE-2026-44712

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

CVE-2025-52365

A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system. The vulnerability arises from improper input handling where command-line arguments are directly...

Caldera 注入漏洞

Caldera is a suite of software from the French company Caldera that provides color management, imaging and processing solutions for printer devices. An arbitrary code execution vulnerability exists in Caldera version 2.8.1. The vulnerability stems from the Human plugin passing an unfiltered name...

CVE-2018-18603

360 Total Security 3.5.0.1033 allows a Sandbox Escape via an "import os" statement, followed by os.system"CMD" or os.system"PowerShell", within a .py file. NOTE: the vendor's position is that this cannot be categorized as a vulnerability, although it is a security-related issue...