27 matches found
Remote Code Execution (RCE)
@backstage/plugin-techdocs-node is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper sanitization of user-controlled mkdocs.yml configuration (specifically MkDocs hooks) when TechDocs is configured with runIn: local, which allows an attacker to execute arbitrary Python...
@backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Impact: When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches: Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...
CVE-2026-25153
In CVE-2026-25153, versions of @backstage/plugin-techdocs-node before 1.13.11 and before 1.14.1 are vulnerable when TechDocs runs with runIn: local. A malicious actor who can submit or modify a repository’s mkdocs.yml can cause arbitrary Python code execution on the TechDocs build server via MkDo...
Arbitrary Code Injection
Overview: @backstage/plugin-techdocs-node provides common Node.js functionality for TechDocs, shared between the techdocs-backend plugin and techdocs-cli. Affected versions of this package are vulnerable to Arbitrary Code Injection via the processing of MkDocs hooks, when TechDocs is configured wit...
PT-2026-5463
Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 1.13.11 and versions prior to 1.14.1. Description: Backstage’s @backstage/plugin-techdocs-node component, used for TechDocs, is susceptible to remote code execution. When TechDocs is configured to run locally runIn:...
Malicious code in @b2bgeo/run-in-packages (npm)
--- -= Per source details. Do not edit below this line.=-...
SUSE CVE-2010-1749
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-...
SUSE CVE-2011-3068
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes...
SUSE CVE-2012-2866
Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...
PT-2023-11812 · Unknown +1 · Trampgeek Jobe +1
Name of the Vulnerable Software and Affected Versions: trampgeek jobe versions 1.6.x and earlier. Description: A critical issue affects the function run in sandbox of the file application/libraries/LanguageTask.php, leading to command injection. Recommendations: For trampgeek jobe versions 1.6.x a...
CVE-2022-37002
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background...
Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution 0day Exploit
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Apple Updates OSX Blacklist Following Flash Vulnerability
Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week. Going forward in Safari, Apple will block any versions of the mechanism prior to 14.0.0.145 and 13.0.0.231, on older systems. An advisory o...
Design/Logic Flaw
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes...
CVE-2011-3068
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes...
CVE-2011-3068
Removed by vendor...
Apple Safari Webkit Runin Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2010-1806
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers...