CVE-2025-65946

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

CVE-2025-65946 Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

CVE-2025-65946 Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

CVE-2025-65946 Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7...

EUVD-2025-27053

Malicious code in bioql PyPI...

EUVD-2024-36432

Malicious code in bioql PyPI...

CVE-2025-58371

CVE-2025-58371 affects Roo Code (versions ≤ 3.26.6). A GitHub workflow used unsanitized pull request metadata in a privileged context, enabling an attacker to craft input that caused Remote Code Execution (RCE) on the Actions runner. The runner’s broad permissions and access to repository secrets...

PT-2025-36339

Name of the Vulnerable Software and Affected Versions: Roo Code versions 3.26.6 and below Description: Roo Code is an AI-powered autonomous coding agent. A Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to achieve Remote Code Execution RCE on...

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7...

WordPress plugin WishList Member X SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...

PT-2024-27302 · Unknown · Wishlist Member

Name of the Vulnerable Software and Affected Versions: WishList Member X versions prior to 3.26.7 Description: The issue is related to Improper Privilege Management, allowing Privilege Escalation in the Membership Software. Recommendations: For versions prior to 3.26.7, update to version 3.26.7 o...

PT-2024-27304 · Unknown · Wishlist Member

Name of the Vulnerable Software and Affected Versions: WishList Member X versions prior to 3.26.7 Description: The issue is related to improper control of generation of code, also known as 'Code Injection', in Membership Software WishList Member X. This allows for code injection. Recommendations:...