146390 matches found

ATTACKERKB
added 2026/05/29 7:33 p.m., 10 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.test(code). JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

CVSS 6.3, AI score 6, EPSS 0.00239
Exploits: 0, References: 2, Affected Software: 1
Snyk
added 2026/05/29 7:18 p.m., 7 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

CVSS 6.3, AI score 6, EPSS 0.0021
Exploits: 0, References: 2
Snyk
added 2026/05/29 7:18 p.m., 6 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

CVSS 6.3, AI score 6, EPSS 0.0021
Exploits: 0, References: 2
Snyk
added 2026/05/29 7:18 p.m., 6 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

CVSS 6.3, AI score 6, EPSS 0.0021
Exploits: 0, References: 2
NVD
added 2026/05/29 7:16 p.m., 23 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

CVSS 8.8, EPSS 0.00332
Exploits: 0, References: 1
NVD
added 2026/05/29 7:16 p.m., 13 views

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

CVSS 7.8, EPSS 0.00455
Exploits: 0, References: 1
Vulnrichment
added 2026/05/29 7:8 p.m., 10 views

CVE-2026-45324 Rizin: Double free in cmd_search.c

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:bytepatternsearch due to wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe...

CVSS 3.3, AI score 5.8, EPSS 0.00101
Exploits: 0, References: 2
NVD
added 2026/05/29 6:17 p.m., 15 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

CVSS 9, EPSS 0.00763
Exploits: 0, References: 1
NVD
added 2026/05/29 6:17 p.m., 15 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

CVSS 9.9, EPSS 0.00922
Exploits: 0, References: 1
Vulnrichment
added 2026/05/29 6:15 p.m., 11 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

CVSS 8, AI score 5.9, EPSS 0.00332
Exploits: 0, References: 1
EUVD
added 2026/05/29 6:15 p.m., 13 views

EUVD-2026-33415

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

CVSS 8, AI score 5.9, EPSS 0.00332
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/29 6:15 p.m., 7 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

CVSS 8, AI score 5.9, EPSS 0.00332
Exploits: 0, References: 2
Cvelist
added 2026/05/29 6:15 p.m., 33 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

CVSS 8, EPSS 0.00332
Exploits: 0, References: 1
CVE
added 2026/05/29 6:15 p.m., 21 views

CVE-2026-49367

CVE-2026-49367 affects JetBrains IntelliJ IDEA prior to 2026.1.1. The issue enables command execution via the guest user account. The available sources in the provided documents describe the vulnerability at a high level (guest-user-triggered command execution) without detailing the exact exploit...

CVSS 8.8, AI score 5.9, EPSS 0.00332
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/05/29 6:15 p.m., 12 views

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

CVSS 7.8, AI score 5.8, EPSS 0.00455
Exploits: 0, References: 2
Vulnrichment
added 2026/05/29 6:15 p.m., 11 views

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

CVSS 7.8, AI score 5.8, EPSS 0.00455
Exploits: 0, References: 1
EUVD
added 2026/05/29 6:15 p.m., 11 views

EUVD-2026-33414

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

CVSS 7.8, AI score 5.8, EPSS 0.00455
Exploits: 0, References: 1
Cvelist
added 2026/05/29 6:15 p.m., 38 views

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

CVSS 7.8, EPSS 0.00455
Exploits: 0, References: 1
CVE
added 2026/05/29 6:15 p.m., 14 views

CVE-2026-49366

CVE-2026-49366 affects JetBrains IntelliJ IDEA prior to 2026.1.1. The issue enables command injection via filename completion, with CVSSv3.1 base score 7.8 (HIGH) and user interaction required. The root cause is not detailed in the provided documents; affected component is IntelliJ IDEA’s filenam...

CVSS 7.8, AI score 5.8, EPSS 0.00455
Exploits: 0, References: 1, Affected Software: 1
Snyk
added 2026/05/29 5:16 p.m., 5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via host resolution in the CLI authentication layer. An attacker can obtain authentication tokens intended for GitHub or GitHub Enterprise by causing authenticated requests to be sent to external hosts, as the ho...

CVSS 9.1, AI score 5.4, EPSS 0.00289
Exploits: 0, References: 2