70984 matches found
PT-2026-33435
A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used...
FreeBSD : python -- more webbrowser.open() command injection vulnerabilities (cf75f572-378a-11f1-a119-e36228bfe7d4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cf75f572-378a-11f1-a119-e36228bfe7d4 advisory. Seth Larson reports: CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for comman...
MiracleLinux 9 : vim-8.2.2637-23.el9_7.2.ML.1 (AXSA:2026-447:08)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-447:08 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure...
BIT-PYTHON-MIN-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
BIT-PYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
BIT-MLFLOW-2026-0596 Command Injection in mlflow/mlflow
A command injection vulnerability exists in mlflow/mlflow when serving a model with enablemlserver=True. The modeluri is embedded directly into a shell command executed via bash -c without proper sanitization. If the modeluri contains shell metacharacters, such as $ or backticks, it allows for...
BIT-MLFLOW-2025-14287 Command Injection in mlflow/mlflow
A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the mlflow/sagemaker/init.py file at lines 161-167. The vulnerability arises from the direct interpolation of user-supplied container image names into shell commands without proper sanitization, whic...
BIT-LIBPYTHON-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()
Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...
SUSE CVE-2026-41015
radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git not a release, the date range for the vulnerable code was less than a week, occurring after 6.1.2 but before 6.1...
K000160853: Multiple Vim vulnerabilities
Security Advisory Description CVE-2026-28417 Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL e.g., using the scp:// protocol handler, an...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the cleanupCommand field in the PATCH /api/execution-workspaces/:id endpoint, which is stored and later executed by the server without input validation or sanitization. An attacker can execute arbitrary system...
GHSA-VR7G-88FQ-VHQ3 Paperclip: OS Command Injection via Execution Workspace cleanupCommand
| Field | Value | |-------|-------| | Affected Software | Paperclip AI v2026.403.0 | | Affected Component | Execution Workspace lifecycle workspace-runtime.ts | | Affected Endpoint | PATCH /api/execution-workspaces/:id | | Deployment Modes | All — localtrusted zero auth, authenticated any company...
Paperclip: OS Command Injection via Execution Workspace cleanupCommand
| Field | Value | |-------|-------| | Affected Software | Paperclip AI v2026.403.0 | | Affected Component | Execution Workspace lifecycle workspace-runtime.ts | | Affected Endpoint | PATCH /api/execution-workspaces/:id | | Deployment Modes | All — localtrusted zero auth, authenticated any company...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the spawn function. An attacker can execute arbitrary shell commands on the server and access sensitive environment variables, including API keys, authentication secrets, and database credentials, by...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the spawn function. An attacker can execute arbitrary shell commands on the server and access sensitive environment variables, including API keys, authentication secrets, and database credentials, by...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the spawn function. An attacker can execute arbitrary shell commands on the server and access sensitive environment variables, including API keys, authentication secrets, and database credentials, by...
GHSA-XR6F-H4X7-R6QP WWBN AVideo: RCE cause by clonesite plugin
Description Summary The cloneServer.json.php endpoint in the CloneSite plugin constructs shell commands using user-controlled input url parameter without proper sanitization. The input is directly concatenated into a wget command executed via exec, allowing command injection. An attacker can inje...
WWBN AVideo: RCE cause by clonesite plugin
Description Summary The cloneServer.json.php endpoint in the CloneSite plugin constructs shell commands using user-controlled input url parameter without proper sanitization. The input is directly concatenated into a wget command executed via exec, allowing command injection. An attacker can inje...
Command Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection in the cloneServer.json.php endpoint of the CloneSite plugin, where user-controlled input is concatenated into a shell command without proper...
Command Injection
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Command Injection via the runMac and runLinux functions. An attacker can execute arbitrary system commands and compromise the system by supplying malicious remote...