15 matches found

SUSE CVE
added 2026/03/31 11:27 p.m., 4 views

SUSE CVE-2026-34041

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

9.8 CVSS, 5.9 AI score, 0.00027 EPSS
Exploits: 1, References: 5
NVD
added 2026/03/31 3:15 a.m., 3 views

CVE-2026-34041

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

9.8 CVSS, 0.00027 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2026/03/31 1:43 a.m., 2 views

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

7.7 CVSS, 5.9 AI score, 0.00027 EPSS
Exploits: 1, References: 3
CVE
added 2026/03/31 1:43 a.m., 6 views

CVE-2026-34041

act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act. Prior to version 0.2.86, act unconditionally processes deprecated ::set-env:: and ::add-path:: commands, allowing an attacker to inject environment variables or modify PATH for subseq...

9.8 CVSS, 5.9 AI score, 0.00027 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2026/03/31 1:43 a.m., 22 views

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

7.7 CVSS, 0.00027 EPSS
Exploits: 1, References: 3
OSV
added 2026/03/31 1:43 a.m., 1 views

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

7.7 CVSS, 5.9 AI score, 0.00027 EPSS
Exploits: 1, References: 5
AlpineLinux
added 2026/03/31 1:43 a.m., 1 views

CVE-2026-34041

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

9.8 CVSS, 6 AI score, 0.00027 EPSS
Exploits: 1, References: 3
CNNVD
added 2026/03/31 12:0 a.m., 3 views

Act injection vulnerability

Act is a locally run tool developed by Nektos and open source. Versions of Act prior to 0.2.86 had an injection vulnerability. This vulnerability stemmed from unconditionally processing the ::set-env:: and ::add-path:: workflow commands, which could lead to setting arbitrary environment variables o...

9.8 CVSS, 5.9 AI score, 0.00027 EPSS
Exploits: 1, References: 3
OSV
added 2026/03/27 7:17 p.m., 3 views

GHSA-XMGR-9PQC-H5VW act: Unrestricted set-env and add-path command processing enables environment injection

Summary: act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which GitHub Actions disabled in October 2020 (CVE-2020-15228, GHSA-mfwh-5m23-j46w) due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject...

7.7 CVSS, 6.9 AI score, 0.00027 EPSS
Exploits: 1, References: 6
IBM Security Bulletins
added 2022/09/27 7:11 p.m., 31 views

Security Bulletin: IBM TRIRIGA Application Platform discloses possible path command execution (CVE-2021-41878)

Summary: Tririga discloses possible path command execution. Vulnerability Details: IBM X-Force ID: 89068. DESCRIPTION: Multiple Android Superuser packages contain an unspecified vulnerability related to a search path which could allow a local attacker to execute arbitrary commands on the system with...

0.8 AI score, 0.15012 EPSS
Exploits: 4, Affected Software: 1
CNNVD
added 2021/10/22 12:0 a.m., 1 views

Marlink Sky File path traversal vulnerability

Marlink Sky File is a product of Marlink, Inc. that is used to quickly transfer files to mobile devices. A path traversal vulnerability exists in Marlink Sky File. An attacker can access sensitive data and files via the null path command...

7.5 CVSS, 7.4 AI score, 0.00431 EPSS
Exploits: 1, References: 2
OSV
added 2020/10/01 6:15 p.m., 1 views

CVE-2020-15228

In the @actions/core npm module before version 1.2.6, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...

5 CVSS, 5.9 AI score, 0.00608 EPSS
Exploits: 2, References: 2
Exploit DB
added 2014/03/31 12:0 a.m., 21 views

PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities

Document Title: PhotoWIFI Lite v1.0 iOS - Multiple Web Vulnerabilities
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1239
Release Date: 2014-03-27
Vulnerability Laboratory ID (VL-ID): 123...

7.4 AI score
Exploits: 0
0day.today
added 2006/07/05 12:0 a.m., 22 views

WinRAR <= 3.60 beta 6 (SFX Path) Stack Overflow Exploit PoC

Exploit for unknown platform in category dos / poc. WinRAR license text Delete=...

7 AI score
Exploits: 0
Exploit DB
added 2006/07/05 12:0 a.m., 48 views

WinRAR 3.60 Beta 6 - SFX Path Stack Overflow

WinRAR - Stack Overflows in SelF-eXtracting Archives. Tested Versions: WinRAR 3.60 beta 4. Author: posidron. An SFX (SelF-eXtracting) archive is an archive, merged with an executable module, which is used to extract files from...

7.4 AI score
Exploits: 0