Lucene search
K

17 matches found

NVD
NVD
added 2026/06/18 4:16 a.m.15 views

CVE-2026-12407

The E2Pdf – Export Pdf Tool for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.32.26. This is due to the screenaction function lacking a dedicated capability check and nonce verification — when invoked via the ?action=screen routing path...

8.8CVSS0.00387EPSS
Exploits0References10
OSV
OSV
added 2026/05/18 9:44 a.m.8 views

OPENSUSE-SU-2026:20777-1 Security update for python-GitPython

This update for python-GitPython fixes the following issues - CVE-2026-42215: command injection via Git options bypass bsc1264604. - CVE-2026-42284: unsafe option check validates multioptions before shlex.split transforms it bsc1264605. - CVE-2026-44243: path traversal in GitPython reference APIs...

9.8CVSS5.9AI score0.00719EPSS
Exploits4References8
OSV
OSV
added 2026/05/18 9:43 a.m.7 views

SUSE-SU-2026:21813-1 Security update for python-GitPython

This update for python-GitPython fixes the following issues - CVE-2026-42215: command injection via Git options bypass bsc1264604. - CVE-2026-42284: unsafe option check validates multioptions before shlex.split transforms it bsc1264605. - CVE-2026-44243: path traversal in GitPython reference APIs...

9.8CVSS7.4AI score0.00719EPSS
Exploits4References9
CVE
CVE
added 2026/05/13 2:41 p.m.36 views

CVE-2026-44290

CVE-2026-44290 affects protobufjs, where certain schema option paths could traverse inherited properties during option processing, potentially corrupting process-wide built-in functionality. This vulnerability exists in versions prior to 7.5.6 and 8.0.2 and can enable a crafted protobuf schema or...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 2:41 p.m.8 views

CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 2:41 p.m.57 views

CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS0.00374EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.20 views

protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/12 3:1 p.m.9 views

NPM: protobuf.js: Process-wide denial of service through unsafe option paths

NPM: protobuf.js: Process-wide denial of service through unsafe option paths vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/12 3:1 p.m.12 views

GHSA-JVWF-75H9-CWGG protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/07 6:19 p.m.12 views

CVE-2026-42284 GitPython: Unsafe option check validates multi_options before shlex.split transforms it

GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but aft...

8.1CVSS5.7AI score0.00571EPSS
Exploits1References2
CVE
CVE
added 2026/05/07 6:19 p.m.20 views

CVE-2026-42284

GitPython (Python Git library) is affected by CVE-2026-42284 due to unsafe handling of multi_options in _clone() before 3.1.47. The code validates multi_options as the original list, then performs shlex.split(" ".join(multi_options)), which can allow a crafted string like "--branch main --config ...

9.8CVSS5.7AI score0.00571EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 5:15 p.m.4 views

CVE-2026-28291 simple-git has Command Execution via Option-Parsing Bypass

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...

8.1CVSS7.4AI score0.00652EPSS
Exploits1References5
NVD
NVD
added 2026/01/21 9:16 p.m.8 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS0.00607EPSS
Exploits1References2
OSV
OSV
added 2026/01/21 9:6 p.m.7 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00607EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/21 9:6 p.m.3 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6AI score0.00607EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.10 views

PT-2026-3864

Name of the Vulnerable Software and Affected Versions 5ire versions prior to 0.15.3 Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw in the ECharts Markdown plugin allows any user capable of submitting ECharts code blocks to...

9.6CVSS6AI score0.00607EPSS
Exploits1References10
OSV
OSV
added 2023/09/28 11:6 a.m.5 views

OESA-2023-1693 ctags security update

Ctags generates an index or tag file of language objects found in source files that allows these items to be quickly and easily located by a text editor or other utility. A tag signifies a language object for which an index entry is available or, alternatively, the index entry created for that...

7.8CVSS7.1AI score0.00577EPSS
Exploits1References2
Rows per page
Query Builder