Lucene search
K

1136 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-54640

Name of the Vulnerable Software and Affected Versions Request a Quote versions prior to 2.5.6 Description The Request a Quote plugin for WordPress allows unauthenticated attackers to perform code injection. The issue occurs because the emd delete file function derives a PHP function name from the...

7.5CVSS6.1AI score0.00333EPSS
Exploits0References12
CVE
CVE
added 2026/06/30 2:36 p.m.15 views

CVE-2026-27955

Summary: CVE-2026-27955 affects Coolify prior to 4.0.0-beta.464, where the executeInDocker() helper wraps commands in bash -c '{$command}' without escaping single quotes. User-controlled fields docker_compose_custom_build_command and docker_compose_custom_start_command are interpolated directly, ...

6.6CVSS5.9AI score0.00222EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 11:20 a.m.6 views

EUVD-2026-40295

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quotechar, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers orderby, where-claus...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 7:49 a.m.2 views

OPENSUSE-SU-2026:21176-1 Security update for python-pytest-html

This update for python-pytest-html fixes the following issues: Changes in python-pytest-html: - Revendor updating shell-quote and js-yaml deps: - CVE-2026-13311: shell-quote: inefficient input parsing can lead to a denial of service bsc1269361 - CVE-2026-53550: js-yaml: quadratic complexity when...

8.7CVSS5.7AI score0.0036EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-13311

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growin...

8.7CVSS6.5AI score0.0036EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/27 2:5 a.m.6 views

SUSE CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

7.5CVSS6.3AI score0.0036EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.15 views

CVE-2026-13311

A flaw was found in the shell-quote component. An attacker who can supply a specially crafted string to the parse function can exploit an inefficiency in how the component processes input. This can cause the single-threaded Node.js event loop to be blocked for an extended period, leading to a...

8.7CVSS6.2AI score0.0036EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 4:16 p.m.10 views

CVE-2026-57456

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion...

8.4CVSS0.00144EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.9 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS0.0036EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 5:16 a.m.3 views

DEBIAN-CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 5:16 a.m.6 views

UBUNTU-CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 4:48 a.m.40 views

CVE-2026-13311 shell-quote parse() is quadratic in token count, enabling denial of service

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS0.0036EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/25 4:48 a.m.5 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 4:48 a.m.5 views

EUVD-2026-39180

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:48 a.m.7 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 4:48 a.m.45 views

CVE-2026-13311

The CVE affects the shell-quote library prior to version 1.8.5. The parse() function accumulates tokens by using Array.prototype.concat as a reduce accumulator, causing O(n^2) time relative to token count and enabling a potential denial of service by blocking the Node.js event loop with small, at...

8.7CVSS6.3AI score0.0036EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52200

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.5 Description The parse function finalizes parsed tokens using Array.prototype.concat as a reduce accumulator, causing the entire growing array to be reallocated and copied during every iteration. This results...

8.7CVSS6.2AI score0.0036EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.6 views

Oracle Linux 8 : evince (ELSA-2026-28998)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28998 advisory. - Fix CVE-2026-46529: quote string arguments passed to evspawn Tenable has extracted the preceding description block directly from the Oracle Linux security...

8.4CVSS6AI score0.00529EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 1:39 a.m.10 views

keylime: Keylime: Security bypass due to hardcoded TPM quote nonce

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 1:50 p.m.4 views

SUSE-SU-2026:22266-1 Security update for sg3_utils

This update for sg3utils fixes the following issues: - sginq: --export output conformance for SCSI name string and ATA fields bsc1267823 - rescan-scsi-bus.sh: quote $idserial in findmultipath call bsc1268201...

5.8AI score
Exploits0References3
Rows per page
Query Builder