vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

EUVD-2026-19438

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell...

CVE-2026-34982

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

CVE-2026-35020

...

Malicious code in frontend-backoffice (npm)

Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f06949fafe41d4b38a42b1c5573750638b411c02b6edcb1958f3f5aad933d...

MAL-2026-2525 Malicious code in frontend-backoffice (npm)

Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f06949fafe41d4b38a42b1c5573750638b411c02b6edcb1958f3f5aad933d...

CVE-2026-34982

Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The complete, guitabtooltip and printheader options are missing the PMLE flag, allowing a modeline to be executed...

vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin

A flaw was found in Vim, an open-source command-line text editor. Specifically, an operating system OS command injection vulnerability exists in the netrw standard plugin. A remote attacker could exploit this by tricking a user into opening a specially crafted URL, such as one using the scp://...

PT-2026-30706

Name of the Vulnerable Software and Affected Versions Anthropic Claude Code CLI and Claude Agent SDK affected versions not specified Description Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in the command lookup helper and deep-link terminal launcher. Local...

CVE-2019-25687

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...

CVE-2026-25044

Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing...

CVE-2026-34935

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

CVE-2026-34935

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

CVE-2026-25044

Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing...

GHSA-QPC3-8VQG-8G6W pymetasploit3 vulnerable to command injection in console.run_module_with_output()

Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

CVE-2026-5463

Command injection vulnerability in console.runmodulewithoutput in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

CVE-2026-1345

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

CVE-2026-1345

The CVE-2026-1345 entry affects IBM Verify Identity Access Container (11.0–11.0.2), IBM Security Verify Access Container (10.0–10.0.9.1), IBM Verify Identity Access (11.0–11.0.2), and IBM Security Verify Access (10.0–10.0.9.1). The root cause is improper validation of user-supplied input, enablin...

CVE-2026-20160 Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...

CVE-2026-20096 Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation...