PT-2026-39742

CVE-2026-20352 iOS 26.3-Research A Public Open-Source research framework with .py and .sh files created for analyzing iOS 26.3 security mechanisms. This project is designed to be advanced through the collective in... https://t.co/5O6AR6f6H7...

[SECURITY] Fedora 44 Update: gum-0.17.0-3.fc44

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Glo ss in your scripts and aliases without writing any Go code!...

[SECURITY] Fedora 42 Update: gum-0.16.1-2.fc42

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Glo ss in your scripts and aliases without writing any Go code!...

uutils coreutils has an Incorrect Short Circuit Evaluation Issue

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

CVE-2026-35378

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

CVE-2026-35197

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

EUVD-2026-19471

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

CVE-2026-35197

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

dye 代码注入漏洞

Dye is a portable library developed by Mattie’s personal developer, designed for adding colors and styles to shell script outputs. Versions of dye prior to 1.1.1 contained a code injection vulnerability; this vulnerability stemmed from certain template expressions that could allow arbitrary code ...

PT-2026-30721

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

CVE-2026-25603 Path Traversal vulnerability in Linksys MR9600, Linksys MX4200

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in an arbitrary location of the file system. This may result in the execution of shell scripts in the context o...

melange 操作系统命令注入漏洞

Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.10.0 to 0.40.3 had an operating system command injection vulnerability. This vulnerability stemmed from the patch pipeline incorrectly referencing or verifying input-derived values when...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the working-directory field when user-supplied input is embedded into shell scripts without proper quote escaping. An attacker can execute arbitrary shell commands by providing crafted build input values that are...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the working-directory field when user-supplied input is embedded into shell scripts without proper quote escaping. An attacker can execute arbitrary shell commands by providing crafted build input values that are...

melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping. Fix: Fixed with e51ca30c,...

melange pipeline working-directory could allow command injection

An attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in working-directory. The field is embedded into shell scripts without proper quote escaping...

EUVD-2025-206519

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...

EUVD-2023-60242

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...

CVE-2023-53980

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...

CVE-2023-53980

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...