28 matches found

RedhatCVE
added 2025/11/22 10:31 p.m. · 6 views

CVE-2025-65946

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation, it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

CVSS 8.1 · AI score 7.2 · EPSS 0.00079
Exploits: 0 · References: 1
Vulnrichment
added 2025/11/21 10:11 p.m. · 2 views

CVE-2025-65946 Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation, it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

CVSS 8.1 · AI score 6.9 · EPSS 0.00079
Exploits: 0 · References: 3
Cvelist
added 2025/11/21 10:11 p.m. · 12 views

CVE-2025-65946 Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation, it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

CVSS 8.1 · EPSS 0.00079
Exploits: 0 · References: 3
OSV
added 2025/11/21 10:11 p.m. · 3 views

CVE-2025-65946 Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, due to an error in validation, it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

CVSS 8.1 · AI score 7.2 · EPSS 0.00079
Exploits: 0 · References: 5
CNNVD
added 2025/11/21 12:00 a.m. · 11 views

Roo Code Command Injection Vulnerability

Roo Code is an AI-based autonomous coding agent from Roo Code. A command injection vulnerability exists in Roo Code versions prior to 3.26.7 that stems from an authentication error and could lead to the execution of unauthorized commands...

CVSS 8.1 · AI score 7.8 · EPSS 0.00079
Exploits: 0 · References: 4
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2025-27053

Malicious code in bioql PyPI...

CVSS 9.9 · AI score 6.5 · EPSS 0.00614
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 1 views

EUVD-2024-36432

Malicious code in bioql PyPI...

CVSS 9.9 · AI score 6.5 · EPSS 0.00848
Exploits: 0 · References: 1
CVE
added 2025/09/05 10:42 p.m. · 23 views

CVE-2025-58371

CVE-2025-58371 affects Roo Code (versions ≤ 3.26.6). A GitHub workflow used unsanitized pull request metadata in a privileged context, enabling an attacker to craft input that caused Remote Code Execution (RCE) on the Actions runner. The runner’s broad permissions and access to repository secrets...

CVSS 9.9 · AI score 7.5 · EPSS 0.00614
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2025/09/05 12:00 a.m. · 3 views

Roo Code Operating System Command Injection Vulnerability

Roo Code is an AI-based autonomous coding agent from Roo Code. An operating system command injection vulnerability exists in Roo Code 3.26.6 and prior versions, which stems from workflows that do not clean up their inputs and could lead to remote code execution...

CVSS 9.9 · AI score 8.4 · EPSS 0.00614
Exploits: 0 · References: 3
Positive Technologies
added 2025/09/05 12:00 a.m. · 2 views

PT-2025-36339

Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.26.6 and below. Description: Roo Code is an AI-powered autonomous coding agent. A GitHub workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to achieve Remote Code Execution (RCE) on...

CVSS 9.9 · AI score 7.4 · EPSS 0.00614
Exploits: 0 · References: 11
RedhatCVE
added 2025/02/05 12:48 a.m. · 5 views

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7...

CVSS 7.5 · AI score 6.9 · EPSS 0.00355
Exploits: 0
CNNVD
added 2024/07/10 12:00 a.m. · 1 views

WordPress plugin WishList Member X Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

CVSS 9.8 · AI score 6.1 · EPSS 0.01584
Exploits: 0 · References: 2
OSV
added 2024/07/09 9:15 a.m. · 1 views

CVE-2024-37112

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7...

CVSS 9.8 · AI score 5.8 · EPSS 0.00905
Exploits: 0 · References: 1
CNNVD
added 2024/07/09 12:00 a.m. · 0 views

WordPress plugin WishList Member X SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A SQL injection...

CVSS 10 · AI score 7.9 · EPSS 0.00905
Exploits: 0 · References: 2
Positive Technologies
added 2024/07/09 12:00 a.m. · 2 views

PT-2024-27308 · Unknown · Wishlist Member

Name of the Vulnerable Software and Affected Versions: WishList Member X versions prior to 3.26.7. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation, but specific...

CVSS 10 · AI score 8.2 · EPSS 0.00905
Exploits: 0 · References: 9
OSV
added 2024/06/24 1:15 p.m. · 2 views

CVE-2024-37109

Improper Control of Generation of Code 'Code Injection' vulnerability in Membership Software WishList Member X allows Code Injection. This issue affects WishList Member X: from n/a before 3.26.7...

CVSS 8.8 · AI score 5.8 · EPSS 0.00848
Exploits: 0 · References: 1
OSV
added 2024/06/24 1:15 p.m. · 1 views

CVE-2024-37107

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation. This issue affects WishList Member X: from n/a before 3.26.7...

CVSS 8.8 · AI score 5.8 · EPSS 0.00182
Exploits: 0 · References: 1
OSV
added 2024/06/24 1:15 p.m. · 2 views

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X. This issue affects WishList Member X: from n/a before 3.26.7...

CVSS 7.5 · AI score 5.8 · EPSS 0.00355
Exploits: 0 · References: 1
Positive Technologies
added 2024/06/24 12:00 a.m. · 2 views

PT-2024-27302 · Unknown · Wishlist Member

Name of the Vulnerable Software and Affected Versions: WishList Member X versions prior to 3.26.7. Description: The issue is related to Improper Privilege Management, allowing Privilege Escalation in the Membership Software. Recommendations: For versions prior to 3.26.7, update to version 3.26.7 o...

CVSS 8.8 · AI score 7.2 · EPSS 0.00182
Exploits: 0 · References: 4
Positive Technologies
added 2024/06/24 12:00 a.m. · 2 views

PT-2024-27307 · Unknown · Wishlist Member

Name of the Vulnerable Software and Affected Versions: WishList Member X versions prior to 3.26.7. Description: A Missing Authorization issue has been identified in the Membership Software WishList Member X. This issue may allow unauthorized access due to the lack of proper authorization checks...

CVSS 7.5 · AI score 7.2 · EPSS 0.00355
Exploits: 0 · References: 4