Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/11 6:33 p.m.29 views

CVE-2026-48547 KanaDojo < 0.1.18 Command Injection via patchNotesData.json in release.yml

KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands by inserting shell metacharacters into the version or changes fields of patchNotesData.json, which are interpolated unsanitized into a childprocess.execSync cal...

8.5CVSS0.0091EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:18 p.m.31 views

CVE-2026-32687 SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

7.5CVSS0.00198EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/20 11:25 p.m.8 views

SUSE CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6.2AI score0.00915EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 7:43 p.m.3 views

GHSA-C4R5-FXQW-VH93 Ruby LSP has arbitrary code execution through branch setting

Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...

7.1CVSS6.3AI score0.00479EPSS
Exploits0References5
Rows per page
Query Builder