CVE-2026-30916 Shescape has possible misidentification of shell due to link chains

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

CVE-2026-30916

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the software behavior described did not falls within the project's threat model. See https://github.com/github/advisory-database/pull/7206 for more information...

EUVD-2026-10424

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

EUVD-2026-10425

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

CVE-2026-30916

...

CVE-2026-30916

...

CVE-2026-25041

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the system.run process. An attacker can cause unauthorized commands to be persisted as trusted entries by submitting a shell command with an unquoted character,...

OpenClaw: system.run allow-always persistence included shell-commented payload tails

OpenClaw's system.run allowlist analysis did not honor POSIX shell comment semantics when deriving allow-always persistence entries. A caller in security=allowlist mode who received an allow-always decision could submit a shell command whose tail was commented out at runtime, for example by using...

GHSA-9Q2P-VC84-2RWM OpenClaw: system.run allow-always persistence included shell-commented payload tails

OpenClaw's system.run allowlist analysis did not honor POSIX shell comment semantics when deriving allow-always persistence entries. A caller in security=allowlist mode who received an allow-always decision could submit a shell command whose tail was commented out at runtime, for example by using...

OpenClaw: system.run wrapper-depth boundary could skip shell approval gating

OpenClaw's system.run dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning. With exactly four transparent dispatch wrappers such as repeated env invocations before /bin/sh -c, the approval classifier could stop treating the...

GHSA-R6QF-8968-WJ9Q OpenClaw: system.run wrapper-depth boundary could skip shell approval gating

OpenClaw's system.run dispatch-wrapper handling applied different depth-boundary rules to shell-wrapper approval detection and execution planning. With exactly four transparent dispatch wrappers such as repeated env invocations before /bin/sh -c, the approval classifier could stop treating the...

OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers

OpenClaw's system.run shell-wrapper detection did not recognize PowerShell -EncodedCommand forms as inline-command wrappers. In allowlist mode, a caller with access to system.run could invoke pwsh or powershell using -EncodedCommand, -enc, or -e, and the request would fall back to plain argv...

CVE-2026-25041

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other...

CVE-2026-25041 Budibase has a Command Injection in PostgreSQL Dump Command

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other...

EUVD-2026-10353

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other...

@budibase/server: Command Injection in PostgreSQL Dump Command

Location: packages/server/src/integrations/postgres.ts:529-531 Description The PostgreSQL integration constructs shell commands using user-controlled configuration values database name, host, password, etc. without proper sanitization. The password and other connection parameters are directly...

CLSA-2026-1773073974 Fix CVE(s): CVE-2025-10230

SECURITY UPDATE: command injection via improper NetBIOS name validation in shell hook handling CVE - debian/patches/CVE-2025-10230-1.patch: Validate NetBIOS names before passing them to hook shell command, rejecting characters outside alphanumeric, dot, underscore, or hyphen. Prevent command...

EUVD-2025-208404

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...

CVE-2025-14558 Remote code execution via ND6 Router Advertisements

The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input...