
2582 matches found

OSV
added 2026/04/16 12:44 a.m. | 5 views

MAL-2026-2911 Malicious code in terminal-formatter (npm)

terminal-formatter is a malicious npm package that, when installed (via its postinstall hook) or imported, sends local environment variables, files and bash history to https://ghostraper.top and registers a new SSH key in .ssh/authorized_keys...

5.7 AI score
Exploits: 0

Positive Technologies
added 2026/04/16 12:0 a.m. | 0 views

PT-2026-33357

Name of the Vulnerable Software and Affected Versions: Snowflake Cortex Code CLI versions prior to 1.0.25. Description: Improper validation of bash commands allows subsequent commands to execute outside the sandbox. An attacker can embed specially crafted commands in untrusted content, such as a...

8.3 CVSS | 6.5 AI score | 0.00055 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/04/16 12:0 a.m. | 4 views

Snowflake Cortex Code CLI Security Vulnerability

Snowflake Cortex Code CLI is an open-source command-line development tool provided by Snowflake. Versions of Snowflake Cortex Code CLI prior to 1.0.25 contained security vulnerabilities. These vulnerabilities were due to improper validation of bash commands, which could allow attackers to execute...

8.3 CVSS | 6.2 AI score | 0.00055 EPSS
Exploits: 0 | References: 1

OSV
added 2026/04/15 8:39 a.m. | 2 views

ROOT-OS-UBUNTU-2510-CVE-0000-0000 CVE-0000-0000 in rootio-bash - Patched by Root

Root has patched CVE-0000-0000 in the rootio-bash package for Root:Ubuntu:25.10. Multiple fixed versions available...

5.8 AI score
Exploits: 0

GithubExploit
added 2026/04/11 3:1 p.m. | 74 views

Exploit for CVE-2026-39866

CVE-2026-39866 — Command Injection via unquoted workflow dispa...

6.1 AI score | 0.00072 EPSS
Exploits: 2

Github Security Blog
added 2026/04/09 9:31 p.m. | 3 views

FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes OS command injection. The attack can be carried out remotely. The project was informed of the...

9.8 CVSS | 6.9 AI score | 0.00455 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

EUVD
added 2026/04/09 9:31 p.m. | 2 views

EUVD-2026-21072

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes OS command injection. The attack can be carried out remotely. The project was informed of the...

7.5 CVSS | 6.8 AI score | 0.00455 EPSS
Exploits: 1 | References: 7

Snyk
added 2026/04/09 9:31 p.m. | 3 views

Arbitrary Command Injection

Overview: metagpt is the Multi-Agent Framework. Affected versions of this package are vulnerable to Arbitrary Command Injection via the Bash.run method in metagpt/tools/libs/terminal.py. An attacker can execute arbitrary operating system commands by supplying crafted input remotely. Remediation: A...

9.8 CVSS | 7.7 AI score | 0.00455 EPSS
Exploits: 1 | References: 2

OSV
added 2026/04/09 9:31 p.m. | 0 views

GHSA-FCC8-4Q7H-WVWC FoundationAgents MetaGPT vulnerable to OS Command Injection in metagpt/tools/libs/terminal.py

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes OS command injection. The attack can be carried out remotely. The project was informed of the...

7.3 CVSS | 6.9 AI score | 0.00455 EPSS
Exploits: 1 | References: 7

NVD
added 2026/04/09 8:16 p.m. | 1 views

CVE-2026-5974

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes OS command injection. The attack can be carried out remotely. The project was informed of the...

9.8 CVSS | 0.00455 EPSS
Exploits: 1 | References: 6

Cvelist
added 2026/04/09 7:30 p.m. | 16 views

CVE-2026-5974 FoundationAgents MetaGPT terminal.py Bash.run os command injection

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes OS command injection. The attack can be carried out remotely. The project was informed of the...

7.5 CVSS | 0.00455 EPSS
Exploits: 1 | References: 6

ATTACKERKB
added 2026/04/09 7:30 p.m. | 0 views

CVE-2026-5974

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes OS command injection. The attack can be carried out remotely. The project was informed of the...

7.5 CVSS | 6.8 AI score | 0.00455 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2026/04/09 7:30 p.m. | 2 views

CVE-2026-5974

FoundationAgents MetaGPT

9.8 CVSS | 6.8 AI score | 0.00455 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

GithubExploit
added 2026/04/09 4:23 a.m. | 167 views

Exploit for OS Command Injection in Gnu Bash

...

10 CVSS | 6.9 AI score | 0.9422 EPSS
Exploits: 157

CNNVD
added 2026/04/09 12:0 a.m. | 3 views

MetaGPT Operating System Command Injection Vulnerability

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Bash.run function in the metagpt/tools/libs/terminal.py library, which could allow attack...

9.8 CVSS | 7.1 AI score | 0.00455 EPSS
Exploits: 1 | References: 6

CVE
added 2026/04/08 7:50 p.m. | 5 views

CVE-2026-39862

Tophat, a mobile application testing harness, is affected prior to version 2.5.1. A crafted tophat:// or localhost:29070 URL causes the arguments query parameter to flow unsanitized from URL parsing to /bin/bash -c, enabling remote code execution with the developer’s macOS user permissions. An...

8.8 CVSS | 6.7 AI score | 0.00347 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/04/08 12:31 p.m. | 0 views

EUVD-2026-20455

Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...

8.2 CVSS | 6.3 AI score | 0.0036 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/08 11:36 a.m. | 1 views

CVE-2026-5208

Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...

8.2 CVSS | 6.3 AI score | 0.0036 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/08 11:36 a.m. | 1 views

CVE-2026-5208 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold

Command injection in alerts in CoolerControl/coolercontrold 4.0.0 allows authenticated attackers to execute arbitrary code as root via injected bash commands in alert names...

8.2 CVSS | 6.3 AI score | 0.0036 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/04/07 7:56 p.m. | 1 views

EUVD-2026-19918

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...

9.3 CVSS | 6 AI score | 0.00022 EPSS
Exploits: 0 | References: 2