31091 matches found
MAL-2026-5447 Malicious code in localization-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf143361939feffe7099c14acc7cf41a401681481e932e15d6054dde49e88f94 [email protected] is an empty shell package: index.js is module.exports = and package.json has no description or author. Its dependencies...
CVE-2026-42906
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-42907
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-42907 Windows Shell Information Disclosure Vulnerability
...
EUVD-2026-35596
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-42907 Windows Shell Information Disclosure Vulnerability
...
CVE-2026-42907
Technical details (affected software, component, root cause, impact and remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-42906
CVE-2026-42906 is a Windows Shell information-disclosure vulnerability. The Windows Shell component exposes sensitive information to an unauthorized actor via a local attack with low privileges required and no user interaction. The impact is confidentiality loss (C:H) while integrity/availability...
CVE-2026-42906 Windows Shell Information Disclosure Vulnerability
...
EUVD-2026-35595
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-42906 Windows Shell Information Disclosure Vulnerability
...
EUVD-2026-31440
shell-quote quote does not escape newlines in object .op values...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28795 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)
shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...
shell-quote quote() does not escape newlines in object .op values
Summary shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore...
GHSA-W7JW-789Q-3M8P shell-quote quote() does not escape newlines in object .op values
Summary shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore...
CVE-2026-9279
Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...
Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
CVE-2026-9279 Shell command injection in Logseq
Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name e.g. git, pandoc, grep, the argument string is concatenated with the command and passed to childprocess.spawn with the shell: true option, allowing shell...
CVE-2026-9279
Logseq contains an IPC handler that lets the renderer execute shell commands. Although an allowlist restricts the command name (e.g., git, pandoc, grep), the argument string is concatenated with the command and passed to child_process.spawn with shell: true, allowing shell metacharacters to bypas...