
13 matches found

NVD
added 2026/06/25 4:16 p.m., 9 views

CVE-2026-57456

Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion...

CVSS: 8.4, EPSS: 0.00144
Exploits: 0, References: 3
Debian CVE
added 2026/06/25 4:48 a.m., 5 views

CVE-2026-13311

shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in O(n^2) time relative to the number of input tokens. An attacker who can supply an...

CVSS: 8.7, AI score: 6.3, EPSS: 0.0036
Exploits: 0
Tenable Nessus
added 2026/06/11 12:00 a.m., 4 views

Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : shell-quote vulnerability (USN-8410-1)

The remote Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8410-1 advisory. Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this...

CVSS: 9.2, AI score: 5.7, EPSS: 0.00848
Exploits: 1, References: 2
Veracode
added 2026/06/10 3:15 p.m., 7 views

OS Command Injection

shell-quote is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation and escaping of object-token .op inputs in the quote function, which allows an attacker to inject line terminators and execute arbitrary shell commands when the generated output is processed by ...

CVSS: 9.2, AI score: 6.2, EPSS: 0.00848
Exploits: 1, References: 26, Affected Software: 1
vulnersOsv
added 2026/06/09 2:27 p.m., 5 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28725 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)

shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

CVSS: 9.2, AI score: 5.7, EPSS: 0.00848
Exploits: 1
vulnersOsv
added 2026/05/22 3:45 p.m., 7 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28725 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)

shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

CVSS: 9.2, AI score: 5.7, EPSS: 0.00848
Exploits: 1
Snyk
added 2026/05/22 3:45 p.m., 12 views

Arbitrary Command Injection

Overview: shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators (\n, \r, U+2028, U+2029) in the .op field are not properly validated...

CVSS: 9.2, AI score: 6, EPSS: 0.00848
Exploits: 1, References: 2
Cvelist
added 2026/02/21 7:24 a.m., 24 views

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS: 6.1, EPSS: 0.00216
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-54225

Malicious code in bioql PyPI...

CVSS: 9.1, AI score: 7.7, EPSS: 0.02154
Exploits: 0, References: 9
Vulnrichment
added 2025/02/12 10:10 p.m., 9 views

CVE-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVSS: 9.1, AI score: 7.9, EPSS: 0.02154
Exploits: 0, References: 1
BDU FSTEC
added 2024/09/23 12:00 a.m., 4 views

The vulnerability of the PDO::quote function in the ext/pdo_sqlite/sqlite_driver.c component of the PHP programming language is related to integer overflow. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the PDO::quote function in the ext/pdo_sqlite/sqlite_driver.c component of the PHP programming language is related to integer overflow. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS: 6.9, AI score: 7.1, EPSS: 0.02154
Exploits: 0, References: 8, Affected Software: 4
BDU FSTEC
added 2021/05/12 12:00 a.m., 7 views

The vulnerability of the Quote sub-component of the Oracle Lease and Finance Management component in the Oracle E-Business Suite system allows a malicious individual to gain unauthorized access to the device.

The vulnerability of the Quotes sub-component of the Oracle Lease and Finance Management component within the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...

CVSS: 8.5, AI score: 6.9, EPSS: 0.00931
Exploits: 0, References: 3, Affected Software: 1
vulnersOsv
added 2019/02/18 11:58 p.m., 7 views

0latency (=0.0.0), 192.168.0.172 (=4.6.1) +3626 more potentially affected by CVE-2016-10541 via shell-quote (>=0.0.1 <=1.6.0)

shell-quote NPM version =0.0.1, =1.0.0, =0.0.2, =1.0.0, =1.4.0, =0.0.0, =1.1.0, =0.1.3, =0.1.33, =0.0.3, =0.2.9 and more Source cves: CVE-2016-10541 Source advisory: OSV:GHSA-QG8P-V9Q4-GH34...

CVSS: 9.8, AI score: 7.2, EPSS: 0.02232
Exploits: 1