CVE-2024-39331

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments. Mitigation Do not open Org mode files or...

CVE-2024-4748

CVE-2024-4748 affects CRUDDIY/Cruddiy. The vulnerability is a shell command injection triggered by sending a crafted POST request to the application server. The exploitation risk is described as limited because CRUDDIY is designed to be launched locally, but a user running the project could be ta...

CVE-2024-4748 RCE in Cruddiy

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

PT-2024-32629 · Cruddiy · Cruddiy

Name of the Vulnerable Software and Affected Versions: CRUDDIY affected versions not specified Description: The issue allows for shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally...

Cruddiy Command Injection Vulnerability

Cruddiy is a free no-code PHP bootstrap CRUD generator by Jan van den Berg, a personal developer. A security vulnerability exists in Cruddiy that stems from vulnerability to shell command injection attacks...

PT-2024-23853 · Unknown · Parisneo/Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms version 5.9.0 Description: A remote code execution issue exists in the create conda env function due to the use of shell=True in the subprocess.Popen function. This allows an attacker to inject arbitrary commands by manipulati...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

AZL-42925 CVE-2024-39331 affecting package emacs for versions less than 29.4-1

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

AZL-42868 CVE-2024-39331 affecting package emacs for versions less than 29.4-1

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

DEBIAN-CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

UBUNTU-CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin

Joplin is a free, open source note taking and to-do application. A Cross site scripting XSS vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...

CVE-2024-1881

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...

CVE-2024-1881

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...

CVE-2024-1881 Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...

CVE-2024-1881 Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...