Lucene search

16 matches found

NVD
added 2026/05/25 3:16 p.m. · 8 views

CVE-2026-47069

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 function in src/hackney_cookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

5.3 CVSS · 0.00033 EPSS
Exploits: 1 · References: 4
ATTACKERKB
added 2026/05/25 2:00 p.m. · 7 views

CVE-2026-47069

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 function in src/hackney_cookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and...

2.1 CVSS · 6 AI score · 0.00033 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Tenable Nessus
added 2026/05/14 12:00 a.m. · 3 views

Vim < 9.2.0435 OS Command Injection (GHSA-hwg5-3cxw-wvvg)

The version of Vim installed on the remote host is prior to 9.2.0435. It is, therefore, affected by a vulnerability as referenced in the GHSA-hwg5-3cxw-wvvg advisory. - Vim's :find command-line completion feature is affected by an OS command injection vulnerability. When the path option contains...

5.3 CVSS · 6 AI score · 0.00067 EPSS
Exploits: 0 · References: 2
SUSE CVE
added 2026/05/11 2:13 p.m. · 4 views

SUSE CVE-2026-44656

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

4.4 CVSS · 6 AI score · 0.00067 EPSS
Exploits: 0 · References: 12
OSV
added 2026/05/08 11:16 p.m. · 2 views

DEBIAN-CVE-2026-44656

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

5.3 CVSS · 6 AI score · 0.00067 EPSS
Exploits: 0 · References: 1
OSV
added 2026/05/08 11:16 p.m. · 2 views

UBUNTU-CVE-2026-44656

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

5.3 CVSS · 6 AI score · 0.00067 EPSS
Exploits: 0 · References: 6
CVE
added 2026/05/08 10:40 p.m. · 8 views

CVE-2026-44656

Summary: Vim before 9.2.0435 is affected by an OS command injection in the :find path-completion. If the path option contains backtick-enclosed shell commands, those commands execute during file-name completion. The issue arises because the path option lacks the P_SECURE flag and can be set from ...

5.3 CVSS · 6 AI score · 0.00067 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2026/05/08 10:40 p.m. · 5 views

CVE-2026-44656 Vim: OS Command Injection via 'path' completion

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

4.6 CVSS · 6 AI score · 0.00067 EPSS
Exploits: 0 · References: 3
AlpineLinux
added 2026/05/08 10:40 p.m. · 8 views

CVE-2026-44656

Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the pat...

5.3 CVSS · 6 AI score · 0.00067 EPSS
Exploits: 0 · References: 3
Github Security Blog
added 2026/03/27 6:22 p.m. · 11 views

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...

8.2 CVSS · 6 AI score · 0.00009 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2024/07/09 5:15 p.m. · 2 views

CVE-2024-5652

Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode...

5.5 CVSS · 5.8 AI score
Exploits: 0 · References: 1
ATTACKERKB
added 2021/03/09 6:27 p.m. · 3 views

CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function...

9.8 CVSS · 5.4 AI score · 0.00625 EPSS
Exploits: 1 · References: 4
0day.today
added 2017/11/09 12:00 a.m. · 81 views

Microsoft Windows LNK File Code Execution Exploit

This Metasploit module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain a dynamic icon, loaded from a malicious DLL. This vulnerability is a variant of MS15-020 (CVE-2015-0096). The created LNK file is similar except an additional SpecialFolderDataBlock is...

9.3 CVSS · 9.1 AI score · 0.93878 EPSS
Exploits: 27
NVD
added 2015/06/15 3:59 p.m. · 12 views

CVE-2015-4152

Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option...

6.4 CVSS · 6.6 AI score · 0.00629 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2008/12/29 12:00 a.m. · 3 views

PT-2008-6799 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome version 1.0.154.36 Description: The issue allows remote attackers to execute arbitrary commands via the --renderer-path option in a "chromehtml: URI" API endpoint. A third party disputes this issue, stating that Chrome will ask...

6.8 CVSS · 8.1 AI score · 0.04832 EPSS
Exploits: 1 · References: 9
Core Security
added 1976/01/01 12:00 a.m. · 3 views

Inktomi Traffic Server traffic_manager local overflow.

Advisory ID Internal CORE-220620 Bugtraq ID: 5098 CVE Name: CVE-2002-1013 Title: Inktomi Traffic Server traffic_manager local overflow. Class: Boundary error condition buffer overflow Remotely Exploitable: NO Locally Exploitable: Yes Vendors contacted: Inktomi Corporation INKT . Initial email sent:...

7.2 CVSS · 6.5 AI score · 0.00354 EPSS
Exploits: 0