148 matches found
CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...
Glances Vulnerable to Command Injection via Dynamic Configuration Values
Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented without validation or restriction of the executed commands. If an attacker can...
GHSA-QHJ7-V7H7-Q4C7 Glances Vulnerable to Command Injection via Dynamic Configuration Values
Summary Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented without validation or restriction of the executed commands. If an attacker can...
PT-2026-29155
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.3 Description Glances, a system cross-platform monitoring tool, allows for the execution of arbitrary system commands through dynamic configuration values. Specifically, substrings enclosed in backticks within...
GHSA-67JX-R9PV-98RJ Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass
Summary There is a potential vulnerability in Traefik's Kubernetes Knative, Ingress, and Ingress-NGINX providers related to rule injection. User-controlled values are interpolated into backtick-delimited Traefik router rule expressions without escaping or validation. A malicious value containing ...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the Kubernetes Ingress and Knative provider buildRule/buildHostRule processes in the pkg/provider/kubernetes/ingress and pkg/provider/kubernetes/knative components. An attacker can bypass...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the Kubernetes Ingress and Knative provider buildRule/buildHostRule processes in the pkg/provider/kubernetes/ingress and pkg/provider/kubernetes/knative components. An attacker can bypass...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation in the doKey function of Neo4jVectorFilterExpressionConverter when a user-controlled string is embedded as a filter expression key without proper escaping of backticks. An attacker can access internal resources...
CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
CVE-2026-22743
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
Summary A code injection vulnerability in ECMAScriptModuleCompiler allows an attacker to achieve Remote Code Execution RCE by injecting arbitrary JavaScript expressions inside export declarations in ES module scripts processed by happy-dom. The compiler directly interpolates unsanitized content...
Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter . When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store , doKey embeds the key into a backtick-delimited Cypher...
📄 Barracuda ESG TAR Filename Command Injection
This Metasploit module exploits CVE-2023-2868, a command injection vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the ESG processes TAR file attachments - filenames containing shell metacharacters backticks are passed directly to shell commands...
SUSE CVE-2026-29777
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...
CVE-2026-29777
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...