35 matches found
CVE-2026-45570
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...
PT-2026-41958
Name of the Vulnerable Software and Affected Versions: go-git versions prior to v5. Description: The SSH transport in go-git constructs the remote exec command by wrapping the repository path in single quotes but fails to escape single quotes embedded within that path. This allows a repository path...
CVE-2025-41359 Multiple vulnerabilities in Small HTTP server by Smallsrv
Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files x86\shttpsmg\http.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a higher priority...
CVE-2025-41368 Multiple vulnerabilities in Small HTTP server by Smallsrv
Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file if they have the appropriate permissions outside the document root configured on the server...
PT-2026-5807
Name of the Vulnerable Software and Affected Versions: ProShow Producer version 9.0.3797. Description: The software contains an unquoted service path vulnerability within the ScsiAccess service. This allows local attackers to potentially execute arbitrary code. Exploitation involves leveraging the...
PT-2026-5804
Name of the Vulnerable Software and Affected Versions: NETGATE Data Backup version 3.0.620. Description: The software contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. This allows attackers to inject and execute malicious code with LocalSystem...
EPSON EasyMP Network Projection code issue vulnerability
EPSON EasyMP Network Projection is a network projection management software developed by the Japanese company EPSON. Version 2.81 of EPSON EasyMP Network Projection contains a code vulnerability. This vulnerability stems from a path in the EMPNSWLSV service that lacks quotation marks, which may...
Gearboxcomputers WifiHotSpot code-related vulnerabilities
Gearboxcomputers WifiHotSpot is a virtual router software developed by Gearboxcomputers. Version 1.0.0.0 of WifiHotSpot contains a code vulnerability. This vulnerability stems from the service path in WifiHotSpotService.exe that lacks quotation marks, which may lead to privilege escalation...
CVE-2025-59888
Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution by an attacker with access to the file system. This security issue has been fixed in the latest version of EUC, which is available on the Eaton download center...
python39:3.9 security update
An update is available for module.modwsgi, module.python-psutil, python-packaging, module.Cython, module.python3x-setuptools, module.python-iniconfig, module.python-wcwidth, module.python-ply, module.python39, python-psycopg2, python-psutil, python-chardet, module.python-pluggy, python-lxml,...
RockyLinux 8 : python39:3.9 (RLSA-2025:23530)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23530 advisory. python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used CVE-2024-5642 python: Virtual environment venv activation scripts don'...
Important: python39:3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
EUVD-2014-0511
Malware in sbrugna...
OMRON Uninterruptible Power Supply management application security vulnerability
OMRON Uninterruptible Power Supply management application is a software for monitoring and configuring uninterruptible power supply devices from OMRON Japan. A security vulnerability exists in the OMRON Uninterruptible Power Supply management application that originates from a Windows service...
CLSA-2025-1748638245 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
CVE-2020-11632
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges...
Medium: python3
Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means...
USN-7348-2 python3.5, python3.8 regression
USN-7348-1 fixed vulnerabilities in Python. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were...