CVE-2026-28291 simple-git has Command Execution via Option-Parsing Bypass
simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...
Linux Distros Unpatched Vulnerability : CVE-2026-28291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option...
PT-2026-32486
Name of the Vulnerable Software and Affected Versions: simple-git versions prior to 3.32.0 Description: The library allows the execution of arbitrary commands through the manipulation of Git options. This occurs because the unsafe operations plugin uses a regular-expression-based blocklist to preve...
EUVD-2024-35442
Malicious code in bioql PyPI...
CVE-2024-26148
Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...
WordPress Leyka Plugin <= 3.31.1 is vulnerable to Broken Access Control
Software: Leyka; Type: Plugin; Vulnerable versions: <= 3.31.1; Fixed in: 3.31.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-35683; Patch priority: Low; CVSS severity: Low (5.3); PSID: 0e07bf4fab5e; Credits: Mika; Required privilege: Unauthenticat...
CVE-2024-26148 Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation
Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of javascript: protocol which can...
Querybook Cross-Site Scripting Vulnerability
Querybook is an open source big data query UI for Pinterest. A cross-site scripting vulnerability exists in Querybook versions prior to 3.31.1, which stems from allowing users to enter arbitrary URLs without the required validation...
PT-2024-4535 · Querybook · Querybook
Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.31.1 Description: The issue is related to the Rich Text Editor component in Querybook, which fails to properly validate user input, allowing arbitrary URLs to be entered without necessary validation. This securit...
SQLite has an unspecified vulnerability (CNVD-2022-62228)
SQLite is a lightweight database, a relational database management system that adheres to ACID. A security vulnerability exists in SQLite version 3.31.1, which stems from an out-of-bounds access issue with ALTER TABLE for views with nested FROM clauses. No detailed vulnerability details are...
SQLite Code Issue Vulnerability
SQLite is a lightweight database that is an ACID-compliant relational database management system. A security vulnerability exists in SQLite version 3.31.1, which stems from a potential null pointer dereference discovered in INTERSECT query processing. No details of the vulnerability are currently...
DEBIAN-CVE-2020-11656
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement...
SQLite Resource Management Error Vulnerability
SQLite is an open-source, C-based embedded relational database management system developed by D. Richard Hipp of the United States. The system is characterized by independence, isolation, cross-platform support and so on. A resource management error vulnerability exists in the ALTER TABLE...
SQLite Input Validation Error Vulnerability (CNVD-2020-22991)
SQLite is an open-source, C-based embedded relational database management system developed by D. Richard Hipp of the United States. The system is characterized by independence, isolation, cross-platform support and so on. A security vulnerability exists in SQLite 3.31.1 and earlier versions,...
SQLite Null Pointer Dereference and Segmentation Error Vulnerability
SQLite is a self-contained, serverless, zero-configuration, transactional SQL database engine. A null pointer dereference and segmentation error vulnerability exists in isAuxiliaryVtabOperator in SQLite 3.31.1. No detailed vulnerability details are provided at this time...
PT-2020-3308 · Sqlite +6 · Sqlite +6
Name of the Vulnerable Software and Affected Versions: SQLite version 3.31.1 Description: The issue is related to the isAuxiliaryVtabOperator component in the SQLite database management system, which is associated with pointer dereference errors. This can allow a remote attacker to cause a denial...