CVE-2026-13744
Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...
Astra Linux – Vulnerability in Rails
A potential information disclosure/vulnerability in Action Pack >= 2.0.0, where using the `redirect_to` or `polymorphic_url` helper with untrusted user input may lead to unintended method executions...
CVE-2026-29608
OpenClaw 2026.3.1 contains an approval integrity vulnerability in system.run node-host execution where argv rewriting changes command semantics. Attackers can place malicious local scripts in the working directory to execute unintended code despite operator approval of different command text...
CVE-2026-27590
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...
CVE-2025-68457
Orejime is a consent manager that focuses on accessibility. On HTML elements handled by Orejime prior to version 2.3.2, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed one...
Linux Distros Unpatched Vulnerability : CVE-2021-22885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with...
CVE-2019-18949
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration...
CVE-2023-42465
A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user. Mitigation: In general, to address this issue, it's crucial to implement robust logic that prevents unintended...
SUSE CVE-2021-22885
A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url` helper with untrusted user input...
The full intention of an order is not signed
Lines of code. Vulnerability details. Impact: Orders might be replayed or executed where not intended. Proof of Concept: The signed order specifies only the matching policy, but not the BlurExchange or ExecutionDelegate. This means that the user might have intended an order specifically for this...
GO-2022-0532 Empty Cmd.Path can trigger unintended binary in os/exec on Windows
On Windows, executing Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset will unintentionally trigger execution of any binaries in the working directory named either "..com" or "..exe"...
CVE-2022-0014 Cortex XDR Agent: Unintended Program Execution When Using Live Terminal Session
An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory such as C:\ to store a program that can then be unintentionally executed by another local user when that user utilizes ...
Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management
Summary: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management. Vulnerability Details: CVEID: CVE-2021-22885. DESCRIPTION: Ruby on Rails could allow a remote attacker to obtain sensitive information, caused by improper input validation by...
Open Network Operating System (ONOS) Code Unexpected Execution Vulnerability
Open Network Operating System ONOS is a carrier-grade SDN network operating system for service providers and enterprise backbones. A code unintended execution vulnerability exists in Open Network Operating System ONOS 1.14. The vulnerability stems from a host event listener in the Ethernet VPN...
GHSA-VM59-329Q-P468 Cross-site Scripting in Apache UIMA
This vulnerability relates to the user's browser processing of DUCC webpage input data. The JavaScript comprising Apache UIMA DUCC <= 2.2.2, which runs in the user's browser, does not sufficiently filter user-supplied inputs, which may result in unintended execution of user-supplied JavaScript code...
Ruby: Command injection in Pathname
The command may be executed when the first character of the value passed to Pathname is "|". This is the same problem as https://bugs.ruby-lang.org/issues/14245, but here it is executed without warning. ruby $ ruby -v ruby 2.5.3p105 (2018-10-18 revision 65156) [x86_64-darwin16] $ irb irb(main):001:0> ls ...
Ark: Unintended execution of scripts and executable files
Background: Ark is a graphical file compression/decompression utility with support for multiple formats. Description: A vulnerability was discovered in how Ark handles executable files while browsing a compressed archive. A user could unintentionally execute a malicious script which has the...
CVE-2006-2435
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls that may allow unintended execution of scripts."...
Workaround for Unintended JSP Execution When Using Oracle Apache/JServ
Description: A potential security vulnerability has been discovered in Oracle JSP Releases 1.0.x through 1.0.2 when using Oracle Apache/JServ only. This vulnerability permits the execution of unintended or incorrect JSP files...