992 matches found
EUVD-2026-44978
The Lenovo XClarity Integrator for Windows Admin Center plugin version 5.1.1 and below running on the WAC Gateway is vulnerable to Powershell Command Injection when establishing remote PowerShell commands...
CVE-2026-52891
Wekan prior to v9.07 is vulnerable to command execution via avatar upload. The avatar filename is embedded in shell commands in models/avatars.js and models/fileValidation.js, allowing shell metacharacters (e.g., ` and $( ) to run commands on the server through child_process.exec(). Impact: high ...
PT-2026-60317
Name of the Vulnerable Software and Affected Versions Wekan versions prior to 9.07 Description The avatar upload functionality allows the embedding of user-supplied filenames into paths that are subsequently passed to the child process.exec function for MIME-type detection. Specifically, the...
SaltStack <=3002 - Shell Injection
SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...
CVE-2026-59734 Coolify: OS Command Injection in Health Check Configuration Allows Remote Code Execution
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.469, Coolify's app/Jobs/ApplicationDeploymentJob.php generatehealthcheckcommands function directly interpolated the healthcheckhost, healthcheckmethod, and healthcheckpath...
CVE-2026-41857
CVE-2026-41857 affects BOSH CLI prior to 7.10.5. A compromised (malicious) BOSH Director can cause arbitrary shell commands to run on the operator’s workstation when using bosh ssh, bosh scp, or bosh logs -f with default flags. Impact is high (confidentiality, integrity, availability). Mitigation...
CVE-2026-41857 BOSH CLI Shell Injection
A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...
CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument
@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...
CVE-2026-55849
The CVE affects @cyclonedx/cyclonedx-npm: from 2.1.0 up to 5.0.0, the CLI passes user-supplied --workspace values to a subshell when npm_execpath is unset or empty, enabling arbitrary OS command execution with the invoking user’s privileges. Root cause is unsanitized input used in a shell command...
CVE-2026-55849 @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `--workspace` Argument
@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied --workspace values to a subshell without proper sanitization when npmexecpath is unset or empty, allowing arbitrary OS command execution with the privileg...
CVE-2026-54344 ToolJet GitHub Actions comment body shell injection exposes deployment secrets
ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, ToolJet's render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, allowing any GitHub user who can comment on an open pull request with a...
CVE-2026-54344
CVE-2026-54344 affects ToolJet prior to version 3.20.180. The render preview deployment workflow interpolates github.event.comment.body directly into a bash conditional in a run step, enabling any GitHub user who can comment on an open PR with a deploy command to execute shell commands on the CI ...
CVE-2026-34034
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentineltoken setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell...
EUVD-2026-41993
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...
CVE-2026-42143
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...
CVE-2026-34152
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, pre-deployment and post-deployment commands are single-quote escaped but then sent through SSH heredoc transport that preserves newlines, allowing an authenticated user to...
PT-2026-56136
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. An authenticated user can execute commands on managed servers when a resource is deleted...
CVE-2026-55798
Pillow vulnerability CVE-2026-55798 affects WindowsViewer.get_command() in Pillow prior to 12.3.0. It builds a shell command by unescaped file path injected into an f-string and passes it to subprocess.Popen(..., shell=True), enabling injection of arbitrary cmd.exe commands. Impact is limited to ...
CVE-2026-55798
Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...
PT-2026-56070
Name of the Vulnerable Software and Affected Versions linuxfabrik-lib versions prior to 5.0.0 Linuxfabrik Monitoring Plugins versions prior to 5.2.0 Description A local privilege escalation issue exists when a check plugin includes user-provided input within a command passed to the shell exec...