147 matches found
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
CVE-2026-41411
Vim (before version 9.2.0357) contains a local command-injection vulnerability in tag file processing. When resolving a tag, Vim passes the filename field from the tags file through wildcard expansion, enabling backtick syntax (e.g., command) that can execute arbitrary commands via the system she...
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
CVE-2026-41411
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
EUVD-2026-25575
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
CVE-2026-41305
PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape tags,...
PT-2026-35033
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0357 Description Command injection occurs during tag file processing. When resolving a tag, the filename field from the tags file undergoes wildcard expansion to resolve environment variables and wildcards. If this...
EUVD-2026-24086
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...
PT-2026-33931
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shell exec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...
CVE-2026-39318
ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endpoints /GroupPropsFormRowOps.php, /PersonCustomFieldsRowOps.php, and /FamilyCustomFieldsRowOps.php. A user has to be authenticated. For ManageGroups privileges have to be...
CVE-2026-35021
Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...
EUVD-2026-19808
ChurchCRM is an open-source church management system. Prior to 7.1.0, the GroupPropsFormRowOps.php file contains a SQL injection vulnerability. User input in the Field parameter is directly inserted into SQL queries without proper sanitization. The mysqlirealescapestring function does not escape...
Linux Distros Unpatched Vulnerability : CVE-2026-33641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings...
SUSE CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
DEBIAN-CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
UBUNTU-CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...