samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

Fedora 44 : composer (2026-9b34a78e81)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-9b34a78e81 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...

Fedora 43 : composer (2026-4308b5fc39)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4308b5fc39 advisory. Version 2.10.1 - 2026-06-04 Security: Fixed shell escaping when opening an editor 12903 Security: Verify backup phar signature before restoring it when using...

CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file...

CVE-2026-45662

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

EUVD-2026-33349

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

CVE-2026-45662

Dokploy (PaaS) vulnerability CVE-2026-45662 affects deleteRegistry in packages/server/src/services/registry.ts. In 0.29.0 and earlier, docker logout ${response.registryUrl} is executed without shell escaping, while docker login uses shEscape() to prevent injection. This inconsistency enables a po...

CVE-2026-45662

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout $response.registryUrl without shell escaping. In the same file, the docker login command correctly uses shEsca...

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.0 contained a vulnerability related to operating system command injection. This vulnerability arose because the deleteRegistry function executed the docker logout command without proper shell escapin...

PT-2026-44903

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.29.1 Description Dokploy is a self-hostable Platform as a Service PaaS. A command injection issue exists in the deleteRegistry function within the packages/server/src/services/registry.ts file. The application...

GHSA-VPR4-P6FQ-85JC Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Impact On POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file whose actual name contains those quote characters, which essentially never exists. The safe branch is dead code and...

CLSA-2026-1777661044 vim: Fix of CVE-2026-33412

CVE-2026-33412: fix OS command injection via newline in glob by adding \n to SHELLSPECIAL in src/osunix.c so newlines are escaped before the pattern is passed to the user's shell...

CLSA-2026-1777565595 vim: Fix of CVE-2026-33412

CVE-2026-33412: fix OS command injection via newline in glob by adding \n to SHELLSPECIAL in src/osunix.c so newlines are escaped before the pattern is passed to the user's shell...

CLSA-2026-1777306218 Fix CVE(s): CVE-2026-33412

SECURITY UPDATE: Command injection via newline in glob - debian/patches/CVE-2026-33412.patch: add '\n' to SHELLSPECIAL in src/osunix.c so newlines in glob patterns are shell-escaped before mchexpandwildcards hands the string to the user's shell - CVE-2026-33412...

GHSA-9JFH-9XRQ-4VWM Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Summary Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...

Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash

Summary Shescapeescape does not escape square-bracket glob syntax for Bash, BusyBox sh, and Dash. Applications that interpolate the return value directly into a shell command string can cause an attacker-controlled value like secret12 to expand into multiple filesystem matches instead of a single...

CVE-2026-30916

Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...

CVE-2026-30916

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the software behavior described did not falls within the project's threat model. See https://github.com/github/advisory-database/pull/7206 for more information...

CVE-2026-30916

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the software behavior described did not falls within the project's threat model. See https://github.com/github/advisory-database/pull/7206 for more information...

CVE-2026-30916

...