
8691 matches found

CNNVD
added 2026/02/19 12:00 a.m., 3 views

Trivy Action OS Command Injection Vulnerability

Trivy Action is a container vulnerability scanning tool developed by Aqua Security. Versions of Trivy Action prior to 0.33.1 contain an operating system command injection vulnerability. This vulnerability arises from improper handling of input during the process of exporting environment variables...

CVSS 8.1, AI score 6.1, EPSS 0.00091
Exploits 0, References 3

Snyk
added 2026/02/18 10:42 p.m., 2 views

Arbitrary Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Command Injection due to embedding the current working directory path into LLM prompts without sanitization. An attacker can manipulate agent behavior or cause disclosure of...

CVSS 8.6, AI score 5.7, EPSS 0.0001
Exploits 0, References 2

Vulnrichment
added 2026/02/17 10:26 p.m., 3 views

CVE-2025-13689 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads...

CVSS 8.8, AI score 5.9, EPSS 0.0003
Exploits 0, References 1

Positive Technologies
added 2026/02/17 12:00 a.m., 5 views

PT-2026-20225

Name of the Vulnerable Software and Affected Versions IBM DataStage on Cloud Pak for Data affected versions not specified Description An authenticated user may be able to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads. Recommendations At the...

CVSS 8.8, AI score 5.8, EPSS 0.0003
Exploits 0, References 5

Positive Technologies
added 2026/02/17 12:00 a.m., 7 views

PT-2026-20950

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.6 through 2026.2.13 Description The OpenClaw macOS desktop client registers the openclaw:// URL scheme. For openclaw://agent deep links lacking an unattended key, the application displays a confirmation dialog...

CVSS 7.1, AI score 6, EPSS 0.00011
Exploits 0, References 10

Rosalinux
added 2026/02/16 12:24 p.m., 8 views

Advisory ROSA-SA-2026-3204

Software: vim 8.0.1763 OS: ROSA Virtualization 2.1 unaffected versions = vim-8.0.1763-21.0.1.rv3 affected versions vim-8.0.1763-21.0.0.1.rv3 CVE-ID: CVE-2025-53905 BDU-ID: 2025-11730 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the vim text editor is related to an incorrect restriction of the...

CVSS 4.1, AI score 6.3, EPSS 0.00074
Exploits 2

NVD
added 2026/02/13 6:16 p.m., 5 views

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

CVSS 10, EPSS 0.00045
Exploits 0, References 3

ATTACKERKB
added 2026/02/13 12:00 a.m., 1 view

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

AI score 6, EPSS 0.00045
Exploits 0, References 4

Vulnrichment
added 2026/02/13 12:00 a.m., 3 views

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

AI score 6, EPSS 0.00045
Exploits 0, References 3

Cvelist
added 2026/02/13 12:00 a.m., 23 views

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file...

EPSS 0.00045
Exploits 0, References 3

Tenable Nessus
added 2026/02/13 12:00 a.m., 1 view

n8n Node.js Package >= 0.187.0 < 1.120.3 Command Injection (CVE-2026-21893)

The version of the n8n Node.js Package installed on the remote host is >= 0.187.0 and prior to 1.120.3. It is, therefore, affected by a command injection vulnerability: - A command injection vulnerability was identified in n8n's community package installation functionality. The issue allows...

CVSS 9.4, AI score 6.5, EPSS 0.0025
Exploits 0, References 2

VulnCheck KEV
added 2026/02/13 12:00 a.m., 1 view

VulnCheck KEV: CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVSS 8.8, AI score 7.5, EPSS 0.0837
In wild, Exploits 0, References 5

CNNVD
added 2026/02/13 12:00 a.m., 3 views

MojoPortal CMS Security Vulnerability

MojoPortal CMS is a content management system developed by MojoPortal Corporation. Version 2.9.0.1 of MojoPortal CMS has a security vulnerability. This vulnerability stems from a zip slip vulnerability present in the /DesignTools/SkinList.aspx endpoint, which may allow arbitrary commands to be...

CVSS 10, AI score 5.9, EPSS 0.00045
Exploits 0, References 3

Snyk
added 2026/02/12 10:27 p.m., 4 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

CVSS 9.9, AI score 6, EPSS 0.00656
Exploits 1, References 2

Snyk
added 2026/02/12 10:27 p.m., 2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

CVSS 9.9, AI score 6, EPSS 0.00656
Exploits 1, References 2

Snyk
added 2026/02/12 10:27 p.m., 3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the interpolation of untrusted agent metadata into tmux shell command strings executed through /bin/sh -c. An attacker can execute arbitrary commands on the operator host by supplying crafted metadata...

CVSS 9.9, AI score 6, EPSS 0.00656
Exploits 1, References 2

CNVD
added 2026/02/11 12:00 a.m., 2 views

D-Link DIR-600 Command Injection Vulnerability

The D-Link DIR-600 is a wireless router from China's AUO D-Link. A command injection vulnerability exists in D-Link DIR-600 2.15WWb02 and earlier versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter...

CVSS 7.2, AI score 5.9, EPSS 0.00082
Exploits 1, References 1

NVD
added 2026/02/09 9:15 p.m., 4 views

CVE-2026-25740

captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability binding to privileged ports, spoofing localho...

CVSS 5.8, EPSS 0.00008
Exploits 0, References 3

CNNVD
added 2026/02/09 12:00 a.m., 4 views

ZAI Shell Code Injection Vulnerability

ZAI Shell is a terminal-independent AI proxy software developed by Ömer Efe Başol TaklaXBR. Versions of ZAI Shell prior to 9.0.3 contained a code injection vulnerability. This vulnerability stemmed from the lack of an authentication mechanism in the P2P terminal sharing feature, which could lead ...

CVSS 8.8, AI score 6, EPSS 0.00151
Exploits 2, References 3

Snyk
added 2026/02/08 7:53 p.m., 1 view

Arbitrary Command Injection

Overview xcode-mcp-server is an An MCP server for Xcode integration, enabling AI assistants to interact with Xcode projects Affected versions of this package are vulnerable to Arbitrary Command Injection via the registerXcodeTools function in the runlldb component when processing the args argumen...

CVSS 8.8, AI score 6.1, EPSS 0.0043
Exploits 1, References 2