13 matches found
CVE-2026-41411
Vim (before version 9.2.0357) contains a local command-injection vulnerability in tag file processing. When resolving a tag, Vim passes the filename field from the tags file through wildcard expansion, enabling backtick syntax (e.g., command) that can execute arbitrary commands via the system she...
PT-2026-35033
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0357 Description Command injection occurs during tag file processing. When resolving a tag, the filename field from the tags file undergoes wildcard expansion to resolve environment variables and wildcards. If this...
Exploit for Deserialization of Untrusted Data in Facebook React
$$\ $$\ $$$$$$$\ $$\ $$\ $$$$$$$$\ $$\ $...
EUVD-2025-1503
Malicious code in bioql PyPI...
CVE-2025-0106
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem...
CVE-2025-0106 Expedition: Wildcard Expansion Vulnerability
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem...
CVE-2025-0106
CVE-2025-0106 is a wildcard expansion vulnerability in Palo Alto Networks Expedition. An unauthenticated attacker can enumerate files on the host filesystem via the Expedition tool’s wildcard expansion handling. Affected product: Palo Alto Networks Expedition. Root cause: wildcard expansion issue...
CVE-2025-0106 Expedition: Wildcard Expansion Vulnerability
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem...
PT-2025-1075
Name of the Vulnerable Software and Affected Versions Palo Alto Networks Expedition affected versions not specified Description The issue is related to a wildcard expansion vulnerability in Palo Alto Networks Expedition. This vulnerability allows an unauthenticated attacker to enumerate files on...
MGASA-2019-0156 Updated openssh packages fix security vulnerabilities
Updated openssh packages fix security vulnerabilities: Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred CVE-2019-6109. Due to scp client insufficient...
Debian DSA-4387-1 : openssh - security update
Harry Sintonen from F-Secure Corporation discovered multiple vulnerabilities in OpenSSH, an implementation of the SSH protocol suite. All the vulnerabilities are in found in the scp client implementing the SCP protocol. - CVE-2018-20685 Due to improper directory name validation, the scp client...
DEBIAN-CVE-2018-12562
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards such as in an injected string:/home/../tmp/ string...
java-1_7_0-openjdk: update to 2.3.6 (critical)
java-170-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes: Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at constructi...