72 matches found
CVE-2026-9101
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101 Prototype pollution in csv parsing
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
EUVD-2026-31127
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101 Prototype pollution in csv parsing
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
📄 pdf-image 2.0.0 Command Injection
pdf-image through version 2.0.0 allows OS command injection via the pdfFilePath argument. The package builds shell command strings with util.format and executes them with childprocess.exec. If an application passes an attacker-controlled file path into PDFImage, shell metacharacters in that path...
Unspecified Vulnerability in HCL AION (CNVD-2026-15148)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from untrusted file parsing operations not being performed in an isolated sandboxed environment, which can be exploited by an attacker to cause unexpected behavior when...
EUVD-2025-208735
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files...
CVE-2025-52643
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files...
PT-2026-25748
HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from untrusted file parsing operations not being performed in an isolated sandboxed environment, which can be exploited by an attacker to cause unexpected behavior when...
CVE-2025-12495
A flaw was found in OpenEXR, a library for handling High Dynamic Range HDR image files. This heap-based buffer overflow vulnerability allows a remote attacker to execute arbitrary code on a user's system. This occurs when a user is tricked into opening a specially crafted EXR file, exploiting a...
EUVD-2018-1808
Malware in sbrugna...
EUVD-2024-33550
Malicious code in bioql PyPI...
CVE-2025-57776
There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially...
CVE-2022-3374
The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
Ollama 0.5.11 Code Execution
Ollama version 0.5.11 suffers from a code execution vulnerability. ============================================================================================================================================= | Title : Ollama 0.5.11 Code Injection Vulnerability | | Author : indoushka | | Tested o...
CVE-2024-45774
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded...
CVE-2022-3008
The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...
GO-2025-3400 Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in github.com/t2bot/matrix-media-repo
Matrix Media Repo MMR allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders in github.com/t2bot/matrix-media-repo...