1774 matches found
GHSA-8H3Q-9FPP-C883 Duplicate Advisory: Wrangler affected by OS Command Injection in `wrangler pages deploy`
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-36p8-mvp6-cv38. This link is maintained to preserve external references. Original Description SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The iss...
Improper Input Validation
Overview wrangler is a Command-line interface for all things Cloudflare Workers Affected versions of this package are vulnerable to Improper Input Validation via the wrangler pages deploy command when the --commit-hash parameter is passed directly to a shell command without proper validation or...
CVE-2026-0933
SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...
CVE-2026-0933
SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...
CVE-2026-0933
Summary of CVE-2026-0933 : A command injection vulnerability exists in the Cloudflare Wrangler tool’s “wrangler pages deploy” command. The root cause is that the commitHash provided via the --commit-hash CLI argument is interpolated directly into a shell command (example: execSync(git show -s --f...
CVE-2026-0933 OS Command Injection in `wrangler pages deploy`
SummaryA command injection vulnerability CWE-78 has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...
PT-2026-3738
Name of the Vulnerable Software and Affected Versions Wrangler versions prior to 3.114.17 Wrangler versions prior to 4.59.1 Wrangler version 2 EOL Description A command injection issue exists in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed to a...
MiracleLinux 8 : sssd-2.4.0-9.el8.2 (AXSA:2021-2364:07)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2364:07 advisory. sssd: shell command injection in sssctl CVE-2021-3621 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 4 : rh-mysql56-mysql-5.6.37-5.AXS4 (AXSA:2017-2302:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2302:01 advisory. An integer overflow flaw leading to a buffer overflow was found in the way MySQL parsed connection handshake packets. An unauthenticated remote...
CVE-2026-23520 Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...
TencentOS Server 2: httpd (TSSA-2026:0012)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0012 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
HPE AOS 安全漏洞
HPE AOS is an operating system from HPE, USA. A security vulnerability exists in HPE AOS that stems from a packet header that can be injected with shell commands, which could lead to the execution of arbitrary commands...
CVE-2018-18753
Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...
CVE-2022-42500
In OEMOnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:...
CVE-2024-39226
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers b...
CVE-2025-6225
Kieback Neutrino-GLT product is used for building management. It's web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low privileges. The vulnerability has been fixed in version 9.40.02...
CVE-2021-41016
A improper neutralization of special elements used in a command 'command injection' in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticated attacker to execute privileged shell commands via CLI commands including special characters...
Kieback&Peter Neutrino-GLT 操作系统命令注入漏洞
Kieback&Peter Neutrino-GLT is a building management system from Kieback&Peter, Germany. Kieback&Peter Neutrino-GLT suffers from an operating system command injection vulnerability that stems from a shell command injection in the web component SM70 PHWEB login form, which could lead to the executi...
PT-2025-54455
Name of the Vulnerable Software and Affected Versions Gargoyle router management utility versions 1.5.x Description The application does not properly restrict or validate input provided through the commands parameter, leading to authenticated OS command execution. This occurs in the /utility/run...
Exploit for Deserialization of Untrusted Data in Facebook React
⚡ react2shellpoc 🚨 Educational Proof of Concept – Handle...