CVE-2026-10214 zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

EUVD-2026-33535

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

CVE-2026-10214

The CVE affects zhayujie chatgpt-on-wechat Bash Tool (up to 2.0.8). The vulnerability is in agent/tools/bash/bash.py, _get_safety_warning, enabling os command injection via manipulated input and allowing remote exploitation. Exploit code is public (PoC), with the patch in version 2.0.9 (commit 16...

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

PT-2026-45246

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function get safety warning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit...

PT-2026-45500

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/wezterm executor.ts of the component switch pane/write to specific pane. The manipulation of the argument request.params.arguments.pane id leads to os command injection...

CowAgent 操作系统命令注入漏洞

CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Versions of CowAgent 2.0.8 and earlier had a vulnerability related to operating system command injection. This vulnerability stems from the getsafetywarning function in the...

launch-editor 命令注入漏洞

Launch-editor is a Vite open-source tool that allows opening an editor from Node.js and navigating to a specified row and column. Versions of Launch-editor prior to 2.9.0 had a command injection vulnerability. This vulnerability stemmed from insufficient cleanup of the file parameter, which could...

php-censor 操作系统命令注入漏洞

php-censor is a continuous integration server for the open-source PHP project PHP Censor. Versions of php-censor 2.1.6 and earlier contain an operating system command injection vulnerability. This vulnerability stems from incorrect handling of the commitId parameter in the file...

WezTerm MCP Server 操作系统命令注入漏洞

WezTerm MCP Server is a terminal control and interaction tool developed by Kentaro Hiraishi. Version 0.1.0 of WezTerm MCP Server contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations in the switchpane/writetospecificpane...

goclaw 操作系统命令注入漏洞

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the FsBridge.WriteFile function in the internal/sandbox/fsbridge....

PT-2026-45251

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely...

📄 dwol 1.0.0 Command Injection

This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary...

PT-2026-45449

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

openSUSE 16 Security Update : vim (openSUSE-SU-2026:20828-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20828-1 advisory. This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and...

Exploit for CVE-2022-25765

CVE-2022-25765 — Command Injection in pdfkit Descripción...

CVE-2026-10182

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

CVE-2026-10182 TRENDnet TEW-432BRP formWlanSetup command injection

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

CVE-2026-10182 TRENDnet TEW-432BRP formWlanSetup command injection

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

CVE-2026-10182

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...