
5 matches found

ATTACKERKB
added 2026/03/31 12:0 a.m., 2 views

CVE-2026-30311

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3 AI score, 0.00657 EPSS
Exploits: 0, References: 3
EUVD
added 2026/03/30 9:31 p.m., 2 views

EUVD-2026-17188

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...

6.3 AI score, 0.00657 EPSS
Exploits: 0, References: 3
Veracode
added 2025/12/13 5:52 a.m., 1 views

Server-Side Template Injection (SSTI)

getgrav/grav is vulnerable to Server-Side Template Injection (SSTI). The vulnerability is due to weak regex validation in the cleanDangerousTwig method, which allows an attacker to execute arbitrary commands on the server...

8.8 CVSS, 6.1 AI score, 0.37646 EPSS
Exploits: 4, References: 3, Affected Software: 1
NVD
added 2025/12/01 9:15 p.m., 5 views

CVE-2025-66294

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by...

8.8 CVSS, 0.37646 EPSS
Exploits: 4, References: 2
CNNVD
added 2025/03/27 12:0 a.m., 3 views

OneBlog Security Vulnerability

OneBlog is a beautiful and powerful Java blog by the individual developer yadong.zhang. A security vulnerability exists in OneBlog 2.3.9 and earlier versions, which stems from a mishandling of the X-Forwarded-For parameter that can lead to insufficient regular expression complexity...

6.9 CVSS, 5.5 AI score, 0.00338 EPSS
Exploits: 1, References: 5