7 matches found
PT-2026-24106
Budibase is a low-code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other...
CVE-2025-68144
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...
EUVD-2018-7246
Malware in sbrugna...
CVE-2019-9467
In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID:...
SUSE-SU-2024:1536-1 Security update for flatpak
This update for flatpak fixes the following issues: - CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient 'command' argument sanitization (bsc#1223110)...
A vulnerability in the operating system for managing Synology Router Manager allows an attacker to execute arbitrary commands.
The vulnerability in the Synology Router Manager operating system exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
Design/Logic Flaw
enpeem through 2.2.0 allows execution of arbitrary commands. The "options.dir" argument is provided to the "exec" function without any sanitization...