CVE-2026-45792

Vulnerability summary (CVE-2026-45792) RTK (Rust Token Killer) prior to 0.32.0 trusts project-local configuration by auto-loading the highest-priority .rtk/filters.toml without user notification. An attacker with repository access can place a malicious filter to modify shell command output before...

CVE-2026-45792

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK Rust Token Killer improperly trusts project-local configuration files. RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An...

Malicious code in event-metrics-q3x7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b805c0ac88b45f49b1698fb9ea33e00767380544221d574a0da0e0f526d07f8 On install, package.json runs a postinstall hook node run.js that triggers beacon scripts beacon20.js, beaconlinux.js shipped in the tarball. The...

EUVD-2019-19740

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the scripttest.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content'...

CVE-2026-28269

Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...

Output Injection

Badkeys is vulnerable to output injection. The vulnerability is due to improper handling and sanitization of control characters in input, which allows an attacker to inject malicious content that produces misleading or manipulated command-line output when scanning DKIM keys, SSH keys, or filename...

EUVD-2022-38393

Malicious code in bioql PyPI...

Exploit for Code Injection in Langflow

mitsec - CVE-2025-3248 Langflow RCE Exploit Remote Code Execu...

CVE-2025-49141

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The setremote function later passes this input into procopen, yielding OS...

CVE-2022-35505

A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command...

CVE-2025-2157 Foreman: disclosure of executed commands and outputs in foreman / red hat satellite

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege escalation if exploited...

Exploit for Unrestricted Upload of File with Dangerous Type in Avaya Aura_Device_Services

CVE-2023-3722 Python POC for CVE-2023-3722 Avaya Aura Device S...

RUSTSEC-2024-0364 gitoxide-core does not neutralize special characters for terminals

Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.

...

Exploit for Improper Neutralization of Escape, Meta, or Control Sequences in Kernel Util-Linux

Wall-Escape CVE-2024-28085 The util-linux wall command does...

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

cri-o: memory exhaustion on the node when access to the kube api

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a...

CVE-2022-35505

A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command...

CVE-2022-35505

A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command...

CVE-2022-35505

A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command...