EUVD-2026-32657

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

CVE-2026-44713

Pam_usb vulnerability: in versions prior to 0.8.7, src/tmux.c reads the TMUX environment variable, splits on commas, and interpolates the socket-path directly into a shell command passed to popen(), placing the value inside double quotes without sanitisation. This allows an attacker-controlled va...

CVE-2026-44713

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

UBUNTU-CVE-2026-45570

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

CVE-2026-45570

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containin...

Debian dsa-6300 : node-shell-quote - security update

The remote Debian 12 / 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6300 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/...

pam_usb 安全漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contain security vulnerabilities. These vulnerabilities stem from the code in src/tmux.c, which reads the user’s $TMUX environment variable and insert...

PT-2026-44113

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7 Description In the src/tmux.c file, the software reads the $TMUX environment variable, splits it by commas, and interpolates the socket-path component directly into a shell command executed via the popen functio...

UBUNTU-CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

CVE-2026-44723 Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

CVE-2026-44723 Vowpal Wabbit: Shell injection via crafted PR title in python_checks.yml allows arbitrary command execution on CI runner

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds $ github.event.pullrequest.title directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

CVE-2026-4480 Samba: samba: remote code execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

TencentOS Server 3: python3 (TSSA-2026:0369)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0369 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CLSA-2026-1779371406 vim: Fix of CVE-2026-42307

CVE-2026-42307: fix shell injection in netrw via the tempfile suffix when reading sftp:// or file:// URLs by escaping the tempfile and restricting the suffix regex to word characters...

CLSA-2026-1779700361 vim: Fix of CVE-2026-42307

CVE-2026-42307: fix shell injection in netrw via the tempfile suffix when reading sftp:// or file:// URLs by escaping the tempfile and restricting the suffix regex to word characters...

CLSA-2026-1779694105 Fix CVE(s): CVE-2026-42307

SECURITY UPDATE: fix shell-injection in netrw via crafted sftp:// and file:// URLs by escaping the tempfile name and restricting the filename-suffix regex to word characters runtime/autoload/netrw.vim, upstream patch 9.2.0383 - debian/patches/CVE-2026-42307.patch: fix shell-injection in netrw via...

CLSA-2026-1779436673 vim: Fix of CVE-2026-42307

CVE-2026-42307: fix shell-injection in netrw via crafted sftp:// and file:// URLs by escaping the tempfile name and restricting the filename-suffix regex to word characters runtime/autoload/netrw.vim, upstream patch 9.2.0383...

RockyLinux 9 : cockpit: Unauthenticated remote code execution due to SSH command-line argument injection (Critical) (RLSA-2026:7384)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:7384 advisory. cockpit: ws: be more explicit when handling hostnames on cli CVE-2026-4631 Tenable has extracted the preceding description block directly from the RockyLinux...

Unity Linux 20.1060e / 20.1070e Security Update: maven-shared-utils (UTSA-2026-016689)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016689 advisory. In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection...