GHSA-M9G7-RGFC-JCM7 baserCMS Update Functionality Vulnerable to OS Command Injection
Summary: The latest version of baserCMS (basercms-5.2.2) contains an OS command injection vulnerability (CWE-78) in its update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges of the us...
EUVD-2026-17259
baserCMS Update Functionality Vulnerable to OS Command Injection...
CVE-2026-34218 ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...
ROOT-OS-DEBIAN-12-CVE-2023-3164 CVE-2023-3164 in rootio-tiff - Patched by Root
Root has patched CVE-2023-3164 in the rootio-tiff package for Root:Debian:12. Multiple fixed versions available...
Malicious Package
Overview: plain-crypto-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the author of this...
CVE-2026-30877
baserCMS (website development framework) has an OS command injection in the update functionality prior to v5.2.3. An authenticated administrator can run arbitrary OS commands on the server with the baserCMS process user privileges. The issue is fixed in version 5.2.3 per CVE-2026-30877 (NVD and C...
CVE-2026-30877
baserCMS is a website development framework. Prior to version 5.2.3, there is an OS command injection vulnerability in the update functionality. Due to this issue, an authenticated user with administrator privileges in baserCMS can execute arbitrary OS commands on the server with the privileges o...
PT-2026-29253
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...
CVE-2026-30312
DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and...
PT-2026-33149
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.101. Description: An uninitialized use in the Accessibility component of Google Chrome on Windows allows a remote attacker who has already compromised the renderer process to potentially perform a sandb...
PT-2026-29146
Name of the Vulnerable Software and Affected Versions: baserCMS versions prior to 5.2.3. Description: baserCMS is a website development framework. Prior to version 5.2.3, it contains an OS command injection vulnerability in the core update functionality. An authenticated administrator can execute...
Unspecified Vulnerability in Apple macOS (CNVD-2026-16058)
Apple macOS is a specialized operating system developed by Apple for Mac computers. A security vulnerability exists in Apple macOS Sequoia prior to 15.7.4 and Tahoe prior to 26.3, which can be exploited by an attacker to cause an application to capture the user's screen...
wenxian OS Command Injection Vulnerability
Wenxian is a tool developed by Jinzhe Zeng as a reference format generator based on document identifiers. Versions of Wenxian 0.3.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of unvalidated user input directly in...
Apple macOS Denial of Service Vulnerability (CNVD-2026-19032)
Apple macOS is a specialized operating system developed by Apple for Mac computers. A denial of service vulnerability exists in Apple macOS, which can be exploited by an attacker to cause an application to cause an unexpected system termination...
Ridvay Code Security Vulnerability
Ridvay Code is an artificial intelligence code assistant provided by Ridvay Code Inc. There is a security vulnerability in Ridvay Code, which stems from OS command injection, potentially leading to remote code execution...
baserCMS OS Command Injection Vulnerability
BaserCMS is a corporate-level content management system (CMS) developed by the BaserCMS team. Versions of BaserCMS prior to 5.2.3 had a vulnerability related to operating system command injection. This vulnerability stemmed from features that allowed for OS command injections, potentially enabling...
CVE-2026-30311
Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...
Unspecified vulnerability in Apple macOS Tahoe (CNVD-2026-19041)
Apple macOS Tahoe is an operating system from the American company Apple. A security vulnerability exists in Apple macOS Tahoe, which can be exploited by an attacker to access protected portions of the file system...
Linux Distros Unpatched Vulnerability : CVE-2025-66038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compact_tlv_find_tag searches a compact-TLV buffer for a given tag. In...
CVE-2026-5125 raine consult-llm-mcp server.ts child_process.execSync os command injection
A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Affected by this vulnerability is the function child_process.execSync of the file src/server.ts. The manipulation of the argument gitdiff.baseref/gitdiff.files results in os command injection. The attack is only possible with local...