70933 matches found
Command Injection
Overview @google/gemini-cli is a Gemini CLI Affected versions of this package are vulnerable to Command Injection via the processing of untrusted workspace folders in headless mode and the handling of tool allowlisting under --yolo mode. An attacker can execute arbitrary code by submitting...
CVE-2026-41411
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
EUVD-2026-25575
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
CVE-2026-41411
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...
CVE-2026-41411
Vim (before version 9.2.0357) contains a local command-injection vulnerability in tag file processing. When resolving a tag, Vim passes the filename field from the tags file through wildcard expansion, enabling backtick syntax (e.g., command) that can execute arbitrary commands via the system she...
Arbitrary Command Injection
Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Arbitrary Command Injection via...
CVE-2026-6349
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server...
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-7399link is external Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57726link is external SimpleHelp Missing Authorization Vulnerability...
Security update for vim
This update for vim fixes the following issues: Update to version 9.2.0280. CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution bsc1261271. CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead to...
SUSE-SU-2026:1607-1 Security update for vim
This update for vim fixes the following issues: Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command execution bsc1261271. - CVE-2026-34714: missing checks allow for a tabpanel modeline escape and can lead...
Exploit for OS Command Injection in Gnu Bash
CVE-201...
CVE-2026-33208
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...
SUSE CVE-2026-40517
radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...
TOTOLINK A3300R stunServerAddr Parameter OS Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in the TOTOLINK A3300R stunServerAddr parameter, which originates from the cstecgi.cgi file failing to properly validate the stunServerAddr parameter, which can ...
TOTOLINK A3300R pppoeServiceName Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A3300R pppoeServiceName parameter suffers from a command injection vulnerability that stems from the cstecgi.cgi file failing to properly validate the pppoeServiceName parameter, which can be exploited by an...
TOTOLINK A3300R stun_user parameter command injection vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R stunuser parameter, which originates from the failure of the stunuser parameter in the cstecgi.cgi file to properly validate user input, and can be exploite...
TOTOLINK A3300R informEnable Parameter Command Injection Vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R informEnable parameter, which stems from the cstecgi.cgi file failing to properly validate the informEnable parameter and can be exploited by an attacke...
TOTOLINK A3300R ttlWay Parameter Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R ttlWay parameter, which can be exploited by an attacker to execute arbitrary commands by sending malicious data to the ttlWay parameter of...