CVE-2026-28732 Slash command trigger-word update allowed command hijacking

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

EUVD-2024-2428

Malicious code in bioql PyPI...

CVE-2025-8943 Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...

CVE-2025-8943

Flowise CVE-2025-8943 affects Flowise versions before 3.0.1. The vulnerability resides in the Custom MCPs feature, specifically the /api/v1/node-load-method/customMCP endpoint, where insufficient authentication/authorization allows unauthenticated network attackers to execute OS commands unsandbo...

CVE-2024-41815

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

SUSE CVE-2024-41815

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

GHSA-VX24-X4MV-VWR5 Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

Description Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Version 1.20.0 fixes the...

Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

Description Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Version 1.20.0 fixes the...

CVE-2024-41815

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

CVE-2024-41815 Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

CVE-2024-41815 Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

CVE-2024-41815

Starship (shell prompt) is affected by CVE-2024-41815: before 1.20.0, undocumented shell expansion/quoting in custom commands can lead to shell injection in Bash. Impact is limited to users with custom commands, but local exploitation is possible. Version 1.20.0 contains the fix; upgrade to mitig...

CVE-2024-41815 Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

CVE-2024-41815

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with...

RUSTSEC-2024-0446 Shell expansion in custom commands

Summary Undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Details I wanted to show the git commit name in my prompt I use bash, so I added a command: custom.gitcommitname comma...

Shell expansion in custom commands

Summary Undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Details I wanted to show the git commit name in my prompt I use bash, so I added a command: custom.gitcommitname comma...

PT-2024-29581 · Starship · Starship

Name of the Vulnerable Software and Affected Versions: Starship versions 1.0.0 through 1.19.x Description: Starship is a cross-shell prompt that has undocumented and unpredictable shell expansion and/or quoting rules, making it easy to accidentally cause shell injection when using custom commands...

MSSqlPwner - An Advanced And Versatile Pentesting Tool Designed To Seamlessly Interact With MSSQL Servers And Based On Impacket

MSSqlPwner is an advanced and versatile pentesting tool designed to seamlessly interact with MSSQL servers and based on Impacket. The MSSqlPwner tool empowers ethical hackers and security professionals to conduct comprehensive security assessments on MSSQL environments. With MSSqlPwner, users can...

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 Exploit This repository contains a Rust-based e...

Apache Ambari Improper Access Control

Custom commands may be executed on Ambari Agent 2.4.x, before 2.4.2 hosts without authorization, leading to unauthorized access to operations that may affect the underlying system. Such operations are invoked by the Ambari Agent process on Ambari Agent hosts, as the user executing the Ambari Agen...