Lucene search
+L

21 matches found

osv
osv
added 2026/06/26 4:47 p.m.3 views

CVE-2026-54557 mise HTTP backend uses raw version path for install symlink destination

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

5.5CVSS6AI score0.00175EPSS
Exploits0References3
snyk
snyk
added 2026/05/20 3:31 p.m.10 views

Command Injection

Overview setup-php is a Setup PHP for use with GitHub Actions Affected versions of this package are vulnerable to Command Injection via the process that resolves PHP version from repository-controlled files such as .php-version, composer.lock, or composer.json and incorporates the value into the...

6.3CVSS6.2AI score0.01576EPSS
Exploits0References2
github
github
added 2026/05/20 3:31 p.m.12 views

Setup PHP: Command Injection in Repository-Derived PHP Version Resolution

Summary A command injection vulnerability was identified in shivammathur/setup-php when the action resolves the PHP version from repository-controlled files and uses that value while generating the platform setup script. In affected versions, setup-php may read the PHP version from: - .php-versio...

6.2AI score0.01576EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2026/03/27 12:0 a.m.13 views

UltraVNC 安全漏洞

UltraVNC is an open-source remote terminal control software developed by UltraVNC Inc. for the Windows platform. Versions of UltraVNC 1.6.4.0 and earlier contain security vulnerabilities, which stem from uncontrolled search paths in the library version.dll...

7.3CVSS7.1AI score0.00229EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/03/20 8:29 p.m.8 views

CVE-2026-33156

ScreenToGif is a screen recording tool. In versions from 2.42.1 and prior, ScreenToGif is vulnerable to DLL sideloading via version.dll . When the portable executable is run from a user-writable directory, it loads version.dll from the application directory instead of the Windows System32...

7.8CVSS6.4AI score0.00224EPSS
Exploits1References2Affected Software1
redhatcve
redhatcve
added 2026/01/09 10:40 a.m.11 views

CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...

7.8CVSS7.2AI score0.00288EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-38734

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00288EPSS
Exploits0References2
suse
suse
added 2024/10/24 7:54 a.m.4 views

Security update for go1.21-openssl

This update for go1.21-openssl fixes the following issues: CVE-2024-24791: Fixed denial of service due to improper 100-continue handling bsc1227314 CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973 CVE-2024-24790: Fixed unexpected behavior from Is...

7.5CVSS7.9AI score0.91969EPSS
Exploits2References48
osv
osv
added 2024/10/24 7:54 a.m.20 views

SUSE-SU-2024:3755-1 Security update for go1.21-openssl

This update for go1.21-openssl fixes the following issues: - CVE-2024-24791: Fixed denial of service due to improper 100-continue handling bsc1227314 - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip bsc1225973 - CVE-2024-24790: Fixed unexpected behavior from ...

9.8CVSS8.4AI score0.91969EPSS
Exploits2References23
ptsecurity
ptsecurity
added 2024/07/28 12:0 a.m.6 views

PT-2024-29713 · Splashtop · Splashtop Streamer

Name of the Vulnerable Software and Affected Versions: Splashtop Streamer for Windows versions prior to 3.6.0.0 Description: The issue concerns the MSI installer for Splashtop Streamer for Windows, which uses a temporary folder with weak permissions during installation. This weakness can be...

7.8CVSS7.3AI score0.00155EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 3:24 a.m.5 views

SUSE CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...

7.8CVSS7.8AI score0.00288EPSS
Exploits0References4
osv
osv
added 2022/09/27 11:15 p.m.7 views

CVE-2022-23006

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another...

6.7CVSS6.6AI score0.00278EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/09/27 12:0 a.m.9 views

PT-2022-15774 · Sandisk +1 · Sandisk Ibi +1

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud Home affected versions not specified Western Digital My Cloud Home Duo affected versions not specified SanDisk ibi affected versions not specified Description: A stack-based buffer overflow issue was found that could...

6.7CVSS6.8AI score0.00278EPSS
Exploits0References3
nvd
nvd
added 2022/07/17 5:15 p.m.22 views

CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...

7.8CVSS0.00288EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/07/17 5:15 p.m.15 views

CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...

7.8CVSS7.2AI score0.00288EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2022/07/17 12:0 a.m.9 views

PT-2022-22974 · Pyenv · Pyenv

Name of the Vulnerable Software and Affected Versions: pyenv versions 1.2.24 through 2.3.2 Description: The issue allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims...

7.8CVSS7.8AI score0.00288EPSS
Exploits0References9
debiancve
debiancve
added 2019/10/29 9:1 p.m.42 views

CVE-2010-2061

rpcbind 0.2.0 does not properly validate 1 /tmp/portmap.xdr and 2 /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started...

7.8CVSS7.7AI score0.0042EPSS
Exploits0
ubuntucve
ubuntucve
added 2018/06/26 4:29 p.m.43 views

CVE-2018-1000548

Umlet version 14.3 contains a XML External Entity XXE vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixe...

7.8CVSS7.1AI score0.01317EPSS
Exploits1References3
osv
osv
added 2013/07/31 1:20 p.m.3 views

DEBIAN-CVE-2013-4996

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted database name, 2 a crafted user name, 3 a crafted logo URL in the navigation panel, 4 a...

4.3CVSS6.3AI score0.01832EPSS
Exploits0References1
openvas
openvas
added 2010/03/12 12:0 a.m.42 views

Mandriva Update for mandriva-release MDVA-2010:087 (mandriva-release)

Check for the Version of mandriva-release OpenVAS Vulnerability Test Mandriva Update for mandriva-release MDVA-2010:087 mandriva-release Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribut...

9.3CVSS7.2AI score0.08703EPSS
Exploits4References2
Rows per page
Query Builder