2 matches found
CVE-2026-39862 Tophat has a Command Injection Vulnerability When Accessing a Maliciously Crafted Tophat Link
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...
PT-2021-20784 · Foreman +1 · Foreman +1
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.5.0 Description: A flaw in the smart proxy of Foreman, which provides a restful API to various sub-systems, can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL...