Lucene search
K

315 matches found

Snyk
Snyk
added 2026/02/12 10:27 p.m.4 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

9.9CVSS6AI score0.0327EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/08 7:53 p.m.3 views

Arbitrary Command Injection

Overview xcode-mcp-server is an An MCP server for Xcode integration, enabling AI assistants to interact with Xcode projects Affected versions of this package are vulnerable to Arbitrary Command Injection via the registerXcodeTools function in the runlldb component when processing the args argumen...

8.8CVSS6.1AI score0.02953EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/08 3:51 a.m.3 views

Arbitrary Command Injection

Overview mcp-maigret is a MCP server for maigret - OSINT username search across social networks Affected versions of this package are vulnerable to Arbitrary Command Injection via the searchusername process in index.ts when handling the Username argument. An attacker can execute arbitrary system...

9.8CVSS7AI score0.01583EPSS
Exploits0References2
Veracode
Veracode
added 2026/02/02 9:6 p.m.6 views

Arbitrary Command Injection

cai-framework is vulnerable to Arbitrary Command Injection. The vulnerability is due to passing user-controlled input directly to shell commands via subprocess.Popen with shell=True, which allows an attacker to inject malicious arguments for example -exec in the findfile tool and execute arbitrar...

9.6CVSS5.8AI score0.008EPSS
Exploits3References4Affected Software1
Snyk
Snyk
added 2026/02/01 6:27 a.m.2 views

Arbitrary Command Injection

Overview borgmatic is a Simple, configuration-driven backup software for servers and workstations Affected versions of this package are vulnerable to Arbitrary Command Injection via the command hook interpolation logic in borgmatic. An attacker can execute arbitrary shell commands by supplying...

9.8CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/01/30 9:17 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the jsStringEscape function. An attacker can execute arbitrary code in generated files by injecting / sequences that breaks out of JavaScript comment blocks. Note: This vulnerability stems from an...

9.8CVSS6.1AI score0.0075EPSS
Exploits1References3
Snyk
Snyk
added 2026/01/30 8:38 p.m.4 views

Arbitrary Command Injection

Overview cai-framework is a Cybersecurity AI Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the findfile function, which calls subprocess.Popen with shell=True. An attacker can execute arbitrary commands on the host system by injecting malicious...

9.6CVSS5.8AI score0.008EPSS
Exploits3References2
Snyk
Snyk
added 2026/01/29 10:52 p.m.3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the buildCmd function. An attacker can execute arbitrary commands by supplying crafted values in the buildOptions structure, which are embedded unsafely in Makefile commands. Note: This is only exploitabl...

7.8CVSS5.9AI score0.01281EPSS
Exploits1References2
Veracode
Veracode
added 2026/01/28 8:6 a.m.7 views

Arbitrary Command Injection

Elysia is vulnerable to Arbitrary Command Injection. The vulnerability is due to unsanitized injection of dynamic cookie configuration into compiled routes, which allows an attacker with write access to the cookie configuration to inject and execute arbitrary code...

8.8CVSS6.1AI score0.00679EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2026/01/27 10:2 a.m.6 views

Arbitrary Command Injection

@orval/core is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper handling and escaping of untrusted OpenAPI specification data in the x-enumDescriptions field during enum generation, which allows an attacker to inject and execute arbitrary TypeScript or JavaScript co...

9.8CVSS6.1AI score0.0075EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/01/26 12:30 p.m.4 views

Arbitrary Command Injection

Overview org.apache.continuum:continuum is an Apache Continuum is an enterprise-ready continuous integration server with features such as automated builds, release management, role-based security, and integration with popular build tools and source control management systems. Affected versions of...

9.9CVSS6.1AI score0.03732EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/23 12:49 a.m.8 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the getMockScalar function. An attacker can execute arbitrary code by supplying a crafted OpenAPI specification containing malicious values in the const property, which are then interpolated into generate...

9.8CVSS6.2AI score0.00678EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/20 9:47 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the poplib module. An attacker can manipulate mailbox state, such as deleting emails or reading metadata and specific email content, by injecting additional POP3 commands through malicious input containin...

7.1CVSS6AI score0.00315EPSS
Exploits0References2
Veracode
Veracode
added 2026/01/19 9:44 a.m.7 views

Arbitrary Command Injection

@orval/mcp is vulnerable to Arbitrary Command Injection. The vulnerability is due to improper validation and escaping of the OpenAPI specification summary field during MCP server generation, which allows an attacker to break out of string literals and inject arbitrary code...

9.8CVSS5.6AI score0.00709EPSS
Exploits2References3Affected Software1
Snyk
Snyk
added 2026/01/13 8:29 p.m.5 views

Arbitrary Command Injection

Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitazation of user-supplied depName in the packagesToUpdate functions of gleam manager. An attacker can execute arbitrary commands on the host system by...

8.4CVSS7.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/13 8:29 p.m.9 views

Renovate vulnerable to arbitrary command injection via gleam manager and malicious gleam.toml file

Summary The user-provided string depName in the gleam manager is appended to the gleam deps update command without proper sanitization. Details Adversaries can provide a maliciously crafted gleam.toml in conjunctions with a tweaked Renovate configuration file to trick Renovate to execute arbitrar...

8.2AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/01/13 7:12 p.m.3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via improper handling of the summary field during server generation logic. An attacker can execute arbitrary code by injecting malicious input into the OpenAPI specification, which is then incorporated withou...

9.8CVSS8AI score0.00709EPSS
Exploits2References2
Snyk
Snyk
added 2026/01/10 4:57 a.m.3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the stdioconfig.command or stdioconfig.args parameters in MCP stdio settings. An attacker can execute arbitrary system commands by injecting malicious values into these parameters. Remediation Upgrade...

9.9CVSS7.9AI score0.01747EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:50 p.m.7 views

CVE-2014-4982

LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server...

9.8CVSS7.7AI score0.04571EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:8 a.m.12 views

CVE-2020-7842

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting using ntpServerlp1 parameter for the users. This affects D'live set-top box APWF2429TB v1.1.10...

6.6CVSS7.7AI score0.01485EPSS
Exploits0References1
Rows per page
Query Builder