PT-2026-45896

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

CVE-2026-28291

CVE-2026-28291 affects the Node.js package simple-git up to version 3.31.1, where an attacker can execute arbitrary commands by abusing Git option parsing. The flaw stems from an incomplete fix for CVE-2022-25860: Git’s flexible option parsing allows combinations such as -vu, -4u, -nu to bypass t...

GHSA-R275-FR43-PM7Q simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE

Summary The blockUnsafeOperationsPlugin in simple-git fails to block git protocol override arguments when the config key is passed in uppercase or mixed case. An attacker who controls arguments passed to git operations can enable the ext:: protocol by passing -c PROTOCOL.ALLOW=always, which...

simple-git has blockUnsafeOperationsPlugin bypass via case-insensitive protocol.allow config key enables RCE

Summary The blockUnsafeOperationsPlugin in simple-git fails to block git protocol override arguments when the config key is passed in uppercase or mixed case. An attacker who controls arguments passed to git operations can enable the ext:: protocol by passing -c PROTOCOL.ALLOW=always, which...

CVE-2026-28292

The CVE-2026-28292 entry concerns the Node.js package simple-git. Affected versions are 3.15.0 through 3.32.2 and the issue bypasses prior fixes from CVE-2022-25860 and CVE-2022-25912, enabling full remote code execution on the host. A fix is noted in version 3.23.0. No exploitation details or in...

OSV-2026-94 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476574781 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

EUVD-2021-30897

Malicious code in bioql PyPI...

BIT-MARIADB-MIN-2020-7221

mysqlinstalldb in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of authpamtooldir/authpamtool. NOTE: this does not affect the Oracle MySQL product,...

PT-2023-35979 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: org.antlr.v4.runtime affected versions not specified Description: A security exception crash has been reported. The crash involves the fromRuleContext function in org.antlr.v4.runtime.atn.PredictionContext, along with weakCompareAndSetInt and...

CVE-2021-38586

CVE-2021-38586 affects cPanel prior to 98.0.1. The issue is in /scripts/cpan_config, performing unsafe operations on files (SEC-589). The NVD metrics show CVSSv2/2.0: Low (2.1) with local access; CVSSv3.1/3.1: Medium (4.4) with local access, high integrity impact. Exploitation details or remediat...

F5 BIG-IP 缓冲区错误漏洞

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A buffer overflow vulnerability exists in BIG-IP, which originates when a network system or product performs an operation in...

Nagios Core < 4.2.4 - Root Privilege Escalation (CVE-2016-9566)

INTRODUCTION ------------------------- Nagios Core daemon in versions below 4.2.4 was found to perform unsafe operations when handling the log file. This could be exploited by malicious local attackers to escalate their privileges from 'nagios' system user, or from a user belonging to 'nagios'...