CVE-2026-8210

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the helper.Update function. An attacker can execute arbitrary system commands by providing crafted input to the update process. Remediation There is no fixed version for...

PT-2026-39416

Name of the Vulnerable Software and Affected Versions andrew-me tgpt versions prior to 2.11.2 Description Command injection is possible in the Update Handler component via the Update function within the helper.go file. This issue requires local access to be exploited. Recommendations Update to a...

Medium: amazon-ecr-credential-helper

Issue Overview: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. CVE-2024-24790 Affected Packages: amazon-ecr-credential-helper Issue Correction: Run dn...