2 matches found
CVE-2026-48723
creationtimestamp| type| source ---|---|--- 2026-06-16 00:11:53+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moej75ze2b2f 2026-06-16 01:00:12+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moelvjhbsc24 2026-06-16 03:25:50+00:00| seen|...
CVE-2026-48723 BrowserStack Cypress CL: Command Injection via cypress_config_file leads to arbitrary code execution through malicious browserstack.json
The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypressconfigfile configuration parameter. In readCypressConfigUtil.js, the loadJsFile function constructs a shell...