13 matches found
CVE-2026-57456
Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion...
CVE-2026-13311
shell-quote prior to 1.8.5 finalizes parsed tokens in parse using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a result parse runs in On^2 time relative to the number of input tokens. An attacker who can supply an...
Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : shell-quote vulnerability (USN-8410-1)
The remote Ubuntu 18.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8410-1 advisory. Akshat Sinha discovered that shell-quote improperly validated object-token inputs. An attacker could possibly use this...
OS Command Injection
shell-quote is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation and escaping of object-token .op inputs in the quote function, which allows an attacker to inject line terminators and execute arbitrary shell commands when the generated output is processed by ...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28725 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)
shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 0726react (=0.1.1) +28725 more potentially affected by CVE-2026-9277 via shell-quote (>=1.3.3 <=1.8.3)
shell-quote NPM version =1.3.3, =1.0.1, =1.1.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xcorde-pac =1.0.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...
Arbitrary Command Injection
Overview shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Arbitrary Command Injection via the quote function when object-token inputs containing line terminators \n, \r, U+2028, U+2029 in the .op field are not properly validated...
CVE-2026-27469 Isso: Stored XSS via comment website field
Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting XSS vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...
EUVD-2022-54225
Malicious code in bioql PyPI...
CVE-2022-31631 PDO::quote() may return unquoted string
In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...
The vulnerability of the PDO::quote function in the ext/pdo_sqlite/sqlite_driver.c component of the PHP programming language is related to integer overflow. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the PDO::quote function in the ext/pdosqlite/sqlitedriver.c component of the PHP programming language is related to integer overflow. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Quote sub-component of the Oracle Lease and Finance Management component in the Oracle E-Business Suite system allows a malicious individual to gain unauthorized access to the device.
The vulnerability of the Quotes sub-component of the Oracle Lease and Finance Management component within the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...
0latency (=0.0.0), 192.168.0.172 (=4.6.1) +3626 more potentially affected by CVE-2016-10541 via shell-quote (>=0.0.1 <=1.6.0)
shell-quote NPM version =0.0.1, =1.0.0, =0.0.2, =1.0.0, =1.4.0, =0.0.0, =1.1.0, =0.1.3, =0.1.33, =0.0.3, =0.2.9 and more Source cves: CVE-2016-10541 Source advisory: OSV:GHSA-QG8P-V9Q4-GH34...