Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

CVE-2026-45152

CVE-2026-45152 affects uniget prior to 0.27.1, where a command injection is possible via the check field loaded from untrusted JSON metadata. The implementation runs /bin/bash -c on tool.Check, allowing an attacker-controlled value to execute arbitrary shell commands during common operations (des...

CVE-2026-45152 uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

Command Injection

uniget is vulnerable to Command Injection. The vulnerability is due to unsafe execution of the untrusted check field from metadata files through /bin/bash -c without proper validation or sanitization, which allows an attacker to execute arbitrary shell commands on the victim's system...

PT-2026-40728

Name of the Vulnerable Software and Affected Versions uniget versions prior to 0.27.1 Description A command injection issue exists in uniget, a universal installer and updater for container tools. The problem occurs because the check field from JSON metadata files is loaded and executed using...

uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Code Execution

A command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without validation or sanitization, an attacker can craft malicious metadata that executes...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmod...

CVE-2025-5117

CVE-2025-5117 describes a privilege-escalation in the WordPress plugin “Property” (Real Estate Directory Listing). The root cause is a missing capability check on the property_package_user_role metadata used when creating a package post, enabling an authenticated user with Author+ privileges to e...

Potential token duplication validation bypass

Lines of code Vulnerability details Impact Potential token duplication validation bypass Proof of Concept The loop statement in init function will check if there is duplicated token for a Well. function initstring memory name, string memory symbol public initializer ERC20Permitinitname;...

Qualcomm 芯片缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and from time to time are manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a security vulnerability that stem...