PT-2026-47030

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An OS command injection issue exists in the Git.php library of the PHP backend. The application executes shell command strings using the proc open function without properly sanitizing input. An...

Markdown Preview Enhanced 操作系统命令注入漏洞

Markdown Preview Enhanced is a highly powerful markup extension developed by Yiyi Wang. Versions of Markdown Preview Enhanced prior to 0.8.28 contained a vulnerability related to operating system command injection. This vulnerability stemmed from opening external files and links via the shell...

CVE-2026-41011

PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

CVE-2026-41011

PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

EUVD-2026-34197

PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

CVE-2026-41011

PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

PT-2026-46131

PackagePersister.validate tgz builds "tar -tf tgz 2&1" where tgz = File.joinrelease dir, 'packages', "name.tgz" and name = package meta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

GHSA-9277-MP7X-85JF Dulwich Vulnerable to Command Injection via Merge Driver Path

Summary Dulwich's ProcessMergeDriver substitutes the file path from the git tree, controllable by an attacker via a malicious branch into the merge driver command via the %P placeholder and executes it with subprocess.run..., shell=True. An attacker who can cause a victim to merge an untrusted...

Exploit for CVE-2026-48030

CVE-2026-48030 — OS Command Injection in Pheditor Overview...

PT-2026-44725

Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.2.5-1.1 Description Command injection occurs in the ProcessMergeDriver when the file path from the git tree is substituted into the merge driver command via the %P placeholder. This command is then executed using...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

CVE-2026-45152

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

CVE-2026-45087

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

CVE-2026-36044

CVE-2026-36044 affects @pensar/apex

CVE-2026-48687

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...

MAL-2026-4550 Malicious code in emojifancy-print (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 87a0b34b08697e7c8c67b8111ab442ec2d1168f0981b4680fc327a40ba370d79 The package advertises itself as a colorized logger but ships a backdoor in dist/logger.js that fires automatically when the module is loaded. At...

go-git: Improper single-quote escaping in go-git SSH transport

Impact go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. This diverges from canonical Git, which shell-quotes the path through sqquotebuf so that an embedded ' becomes the '''...

GHSA-M7CR-M3PV-HGRP go-git: Improper single-quote escaping in go-git SSH transport

Impact go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. This diverges from canonical Git, which shell-quotes the path through sqquotebuf so that an embedded ' becomes the '''...