Lucene search
K

4 matches found

NVD
NVD
added 2026/03/31 4:16 p.m.5 views

CVE-2026-34243

wenxian is a tool to generate BIBTEX files from given identifiers DOI, PMID, arXiv ID, or paper title. In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code...

9.8CVSS0.02172EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/31 3:49 p.m.25 views

CVE-2026-34243 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`

wenxian is a tool to generate BIBTEX files from given identifiers DOI, PMID, arXiv ID, or paper title. In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code...

9.8CVSS0.02172EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/31 3:49 p.m.3 views

CVE-2026-34243 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`

wenxian is a tool to generate BIBTEX files from given identifiers DOI, PMID, arXiv ID, or paper title. In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code...

9.8CVSS6.4AI score0.02172EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

wenxian 操作系统命令注入漏洞

Wenxian is a tool developed by Jinzhe Zeng as a reference format generator based on document identifiers. Versions of Wenxian 0.3.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of unvalidated user input directly in...

9.8CVSS6.1AI score0.02172EPSS
Exploits1References1
Rows per page
Query Builder