9 matches found
CVE-2026-44887
Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. Since the background scan daemon loads this file via Python's exec, injected code executes as the...
GHSA-G3XQ-3GMV-QQ8G claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary: tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
claude-code-cache-fix vulnerable to local code execution via Python triple-quote injection in tools/quota-statusline.sh
Summary: tools/quota-statusline.sh introduced in v3.5.0 interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string literal. A ''' byte sequence in any user-controlled field of the payload closes the literal early and lets following bytes execute as Python in the user...
CVE-2026-7066
A vulnerability was found in choieastsea simple-openstack-mcp up to 767b2f4a8154cca344344b9725537a58399e6036. The affected element is the function execopenstack of the file server.py. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has...
Codemers KLIMS Security Vulnerability
Codemers KLIMS is a laboratory information management system from Codemers. A security vulnerability exists in Codemers KLIMS version 1.6.DEV; it stems from Python code injection and could lead to server-side execution of arbitrary code...
CVE-2023-36467 AWS data.all vulnerable to RCE through user injection of Python Commands
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...
ZyXEL CloudCNM SecuManager Injection Vulnerability
ZyXEL CloudCNM SecuManager is a network management software suite from ZyXEL, based in Taiwan, China. The software supports centralized control, device management and intelligent monitoring. A security vulnerability exists in ZyXEL CloudCNM SecuManager versions 3.1.0 and 3.1.1. An attacker can exploi...
CVE-2018-16168
LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors...
GHSA-M85C-9MF8-M2M6 Unsafe deserialization in confire
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...