Lucene search
K

590 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/12 7:41 p.m.5 views

CVE-2026-32260

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...

9.8CVSS6AI score0.02213EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2026/03/12 7:41 p.m.3 views

CVE-2026-32260 Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:childprocess polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...

8.1CVSS6.1AI score0.01483EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/03/12 1:40 p.m.4 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS7.3AI score0.0056EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/03/12 12:38 p.m.8 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS7.3AI score0.0056EPSS
Exploits0References9
OSV
OSV
added 2026/03/12 10:20 a.m.2 views

SUSE-SU-2026:0884-1 Security update for python36

This update for python36 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181...

6CVSS5.8AI score0.0056EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25071

Summary A command injection vulnerability exists in Deno's node:child process polyfill shell: true mode that bypasses the fix for CVE-2026-27190 GHSA-hmh4-3xvx-q5hr. An attacker who controls arguments passed to spawnSync or spawn with shell: true can execute arbitrary OS commands, bypassing Deno'...

9.8CVSS6.1AI score0.02213EPSS
Exploits2References8
SUSE Linux
SUSE Linux
added 2026/03/11 5:7 p.m.5 views

Security update for python

This update for python fixes the following issue: CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator bsc1257181. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

8.3CVSS5.8AI score0.0056EPSS
Exploits0References4
OSV
OSV
added 2026/03/03 9:37 p.m.3 views

GHSA-MQR9-VQHQ-3JXW OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling

Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...

8.5CVSS6.1AI score0.00571EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.4 views

PT-2026-26234

Summary OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...

8.5CVSS6AI score0.00571EPSS
Exploits0References11
OSV
OSV
added 2026/02/21 7:24 a.m.7 views

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

6.1CVSS5.8AI score0.00216EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.5 views

PT-2026-5807

Name of the Vulnerable Software and Affected Versions ProShow Producer version 9.0.3797 Description The software contains an unquoted service path vulnerability within the ScsiAccess service. This allows local attackers to potentially execute arbitrary code. Exploitation involves leveraging the...

8.5CVSS6AI score0.0015EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.6 views

PT-2026-5804

Name of the Vulnerable Software and Affected Versions NETGATE Data Backup version 3.0.620 Description The software contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. This allows attackers to inject and execute malicious code with LocalSystem...

8.5CVSS5.6AI score0.00329EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.7 views

PT-2026-5805

Name of the Vulnerable Software and Affected Versions TexasSoft CyberPlanet version 6.4.131 Description TexasSoft CyberPlanet 6.4.131 contains a security issue due to an unquoted service path in the CCSrvProxy service. This allows local attackers to execute arbitrary code. The unquoted path is...

8.5CVSS5.8AI score0.0015EPSS
Exploits0References6
OSV
OSV
added 2026/02/03 11:48 p.m.4 views

GHSA-VQQR-RMPC-HHG2 melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping. Fix: Fixed with e51ca30c,...

7.9CVSS5.8AI score0.00176EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.7 views

PT-2026-6488

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping. Fix: Fixed with e51ca30c,...

7.9CVSS5.8AI score0.00176EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/01 12:0 a.m.8 views

EPSON EasyMP Network Projection 代码问题漏洞

EPSON EasyMP Network Projection is a network projection management software developed by the Japanese company EPSON. Version 2.81 of EPSON EasyMP Network Projection contains a code vulnerability. This vulnerability stems from a path in the EMPNSWLSV service that lacks quotation marks, which may...

8.5CVSS6.1AI score0.0015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/28 3:16 a.m.10 views

CVE-2026-22696

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/26 9:28 p.m.3 views

CVE-2026-22696

dcap-qvl implements the quote verification logic for DCAP Data Center Attestation Primitives. A vulnerability present in versions prior to 0.3.9 involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity,...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/01/26 6:55 p.m.8 views

dcap-qvl has Missing Verification for QE Identity

Impact This vulnerability involves a critical gap in the cryptographic verification process within the dcap-qvl. The library fetches QE Identity collateral including qeidentity, qeidentitysignature, and qeidentityissuerchain from the PCCS. However, it skips to verify the QE Identity signature...

9.3CVSS5.9AI score0.00208EPSS
Exploits0References3Affected Software4
OSV
OSV
added 2026/01/22 12:23 p.m.15 views

CLSA-2026-1769084608 mariadb: Fix of 5 CVEs

Updated to the 10.5.29 tarball - CVE-2025-30722: fix mariadb-dump wrong quoting character by using ' not " and using quoteforequal - CVE-2025-30693: fix incorrect undo logging for indexes on virtual columns by properly encoding/decoding large index IDs in InnoDB undo log records - CVE-2025-21490:...

6.8CVSS6.6AI score0.01236EPSS
Exploits0References1
Rows per page
Query Builder