70842 matches found
EUVD-2026-29084
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
pgAdmin 4: OS command injection vulnerability in Import/Export query export
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
GHSA-J74F-G7VX-FH4X pgAdmin 4: OS command injection vulnerability in Import/Export query export
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
EUVD-2026-29054
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
GPT-Pilot contains a command injection vulnerability in the Executor.run() method
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
Command Injection
Overview gpt-pilot is a GPT Pilot - an AI developer that works with you to build complex projects Affected versions of this package are vulnerable to Command Injection via the Executor.run function. An attacker can execute arbitrary shell commands by supplying crafted input that is passed directl...
GHSA-M85W-WHWH-QVFX GPT-Pilot contains a command injection vulnerability in the Executor.run() method
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
CVE-2026-36983
D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...
CVE-2026-30635
Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the viewtask aka view in the readTranscriptFromCommit function in dist/mcp/server.js when a user reads from an external FORGEBASEURL...
Command Injection
Overview @wdio/browserstack-service is a WebdriverIO service for better Browserstack integration Affected versions of this package are vulnerable to Command Injection via the getGitMetadataForAISelection function. An attacker can execute arbitrary commands on the host system by supplying a...
WebdriverIO BrowserStack Service has a Command Injection issue
Summary A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution RCE when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...
GHSA-5C46-X3QW-Q7J7 WebdriverIO BrowserStack Service has a Command Injection issue
Summary A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution RCE when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...
CVE-2026-7816
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
CVE-2026-31246
GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...
CVE-2026-7816
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
CVE-2026-7816
The CVE-2026-7816 entry describes an OS command injection in pgAdmin 4 Import/Export query export. User input was directly interpolated into a psql \copy metacommand template without sanitization, allowing an authenticated user to inject commands to break out of the \copy context and execute arbi...
CVE-2026-7816 pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
CVE-2026-7816 pgAdmin 4: OS command injection in Import/Export query export via psql metacommand breakout
OS command injection CWE-78 vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject " TO PROGRAM 'cmd'" to break out of the \copy ... context and achieve...
Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043)
BentoML envs.name Dockerfile command injection — sibling of CVE-2026-33744 / CVE-2026-35043 A malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported...
GHSA-W2PM-X38X-JP44 Dockerfile command injection via envs[*].name in bentofile.yaml (sibling fix-bypass of CVE-2026-33744 and CVE-2026-35043)
BentoML envs.name Dockerfile command injection — sibling of CVE-2026-33744 / CVE-2026-35043 A malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported...