8691 matches found
CVE-2026-42045
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the...
HPE Aruba Networking Wireless Operating System 安全漏洞
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of cleaning of parameters passed to the...
LobeHub 跨站脚本漏洞
LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering during the processing of custom tags, which could lead to cross-site scripting attacks and t...
RHEL 9 : openssh (RHSA-2026:16059)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16059 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...
pgAdmin 4: OS command injection vulnerability in Import/Export query export
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
EUVD-2026-29084
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
CVE-2026-7816
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor
Summary A security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent performs git operations. By exploiting git's automatic bare repository discovery during directory...
SUSE CVE-2025-2296
EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...
CVE-2026-7816
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
CVE-2026-7816 pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
CVE-2026-4802
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...
CVE-2026-4802
CVE-2026-4802 describes a remote command-execution flaw in Cockpit, caused by unsanitized user-controlled parameters in crafted links within the system logs UI. An attacker can inject shell metacharacters and command substitutions to run arbitrary commands on the host, potentially leading to full...
PT-2026-39663
Name of the Vulnerable Software and Affected Versions BentoML versions prior to 1.4.39 Description BentoML is a Python library used for building online serving systems optimized for AI applications and model inference. The issue occurs because the template src/bentoml/...
PT-2026-39746
EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authenticated attacker with access to the network can submit crafted input to the WLAN configuration functionality. Due to insufficient input validation, the attacker is able to execute arbitrary system commands on the device...
EDIMAX BR-6428nS 安全漏洞
The EDIMAX BR-6428nS is a wireless router produced by EDIMAX Corporation. The EDIMAX BR-6428nS V3 1.15 version has a security vulnerability. This vulnerability stems from insufficient input validation in the WLAN configuration function. It allows authenticated attackers to submit malicious inputs...
PT-2026-39626
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description An OS command injection issue exists in the Import/Export query export feature. User-supplied input is interpolated directly into a psql copy metacommand template without proper sanitization. An...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the helper.Update function. An attacker can execute arbitrary system commands by providing crafted input to the update process. Remediation There is no fixed version for...
CVE-2026-3828
Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...
SUSE CVE-2026-42215
GitPython is a python library used to interact with Git repositories. From version 3.1.30 to before version 3.1.47, GitPython blocks dangerous Git options such as --upload-pack and --receive-pack by default, but the equivalent Python kwargs uploadpack and receivepack bypass that check. If an...