Lucene search
K

70967 matches found

EUVD
EUVD
added 2026/04/18 1:16 a.m.4 views

EUVD-2026-23628

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

8.8CVSS5.9AI score0.00861EPSS
Exploits1References2
CVE
CVE
added 2026/04/18 1:16 a.m.14 views

CVE-2026-35582

CVE-2026-35582: Emissary’s Executrix.getCommand() interpolates IN_FILE_ENDING and OUT_FILE_ENDING directly into a /bin/sh -c command string without escaping, enabling local OS command injection when a config place writes shell metacharacters. Connected docs provide concrete details: TempFileNames...

8.8CVSS5.9AI score0.00861EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/18 1:16 a.m.5 views

CVE-2026-35582

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

8.8CVSS5.9AI score0.00861EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/18 1:16 a.m.4 views

CVE-2026-35582 Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

8.8CVSS5.9AI score0.00861EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/17 10:33 p.m.4 views

Command Injection

Overview studio-42/elfinder is an open-source file manager for web, written in JavaScript using jQuery UI. Affected versions of this package are vulnerable to Command Injection via the resize process when the bg parameter is supplied by a user and is not properly sanitized before being incorporat...

9.8CVSS6.1AI score0.01567EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/17 10:33 p.m.8 views

elFinder: Command injection in resize background color parameter when using ImageMagick CLI

Severity High bg can be injected into shell command construction, leading to possible RCE in affected configurations. Summary elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image...

9.8CVSS6.1AI score0.01567EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/17 10:23 p.m.11 views

Command Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.8CVSS6.2AI score0.00541EPSS
Exploits2References2
OSV
OSV
added 2026/04/17 10:23 p.m.2 views

GHSA-9QHQ-V63V-FV3J PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection

Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...

9.8CVSS6.7AI score0.00824EPSS
Exploits2References5
Github Security Blog
Github Security Blog
added 2026/04/17 10:23 p.m.9 views

PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection

Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...

9.8CVSS6.9AI score0.00824EPSS
Exploits2References5Affected Software1
Snyk
Snyk
added 2026/04/17 9:53 p.m.4 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via improper handling of environment variable assignments in argv forms during shell-wrapper detection. An attacker can execute arbitrary commands by injecting specially...

9.2CVSS6AI score0.00407EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 9:31 p.m.7 views

EUVD-2026-23534

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6.2AI score0.00915EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/17 9:31 p.m.4 views

EUVD-2026-23521

Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution e.g., starting telnetd, resulting in root‑level access...

8.8CVSS6AI score0.01787EPSS
Exploits0References4
OSV
OSV
added 2026/04/17 9:24 p.m.4 views

GHSA-W5J3-8FCR-H87W Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

Summary An authenticated administrator can execute arbitrary operating system commands by injecting a malicious payload into the MAINODTASPDF configuration constant. This vulnerability exists because the application fails to properly validate or escape the command path before passing it to the ex...

9.4CVSS6.1AI score0.00922EPSS
Exploits3References4
NVD
NVD
added 2026/04/17 9:16 p.m.9 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS0.00915EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/17 9:16 p.m.6 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6.1AI score0.00915EPSS
Exploits1References3
OSV
OSV
added 2026/04/17 9:16 p.m.3 views

UBUNTU-CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6.1AI score0.00915EPSS
Exploits1References4
CVE
CVE
added 2026/04/17 8:25 p.m.10 views

CVE-2026-23500

Dolibarr Dolibarr ERP/CRM prior to 23.0.0 is vulnerable to OS Command Injection via MAIN_ODT_AS_PDF in odf.php. An authenticated administrator can inject arbitrary commands by injecting into the MAIN_ODT_AS_PDF configuration constant, using command separators to execute as the web server user whe...

9.4CVSS6.5AI score0.00922EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2026/04/17 8:25 p.m.18 views

CVE-2026-23500 Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...

9.4CVSS0.00922EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2026/04/17 8:25 p.m.5 views

CVE-2026-23500 Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates the MAINODTASPDF configuration constant directly into a shell command passed to exec without...

9.4CVSS6.5AI score0.00922EPSS
Exploits3References2
AlpineLinux
AlpineLinux
added 2026/04/17 8:25 p.m.6 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

8.5CVSS6AI score0.00915EPSS
Exploits1References3
Rows per page
Query Builder