31132 matches found
OS Command Injection
OliveTin is vulnerable to Command Injection. The vulnerability is due to insufficient input validation in Shell mode, where password-typed arguments and webhook-extracted JSON values bypass checkShellArgumentSafety before being passed to sh -c, allowing authenticated or unauthenticated attackers ...
Malicious code in cdp-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dbf55b093e3a93e8d3f536101e62e09cf7e86636cd42813d02f518138cbcb8ed The package ships cdpinject.js, which combines childprocess, fs, http/https, and base64 encoding to gather system information and exfiltrate it over...
PT-2026-41306
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary...
PT-2026-43460
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description A shell-metacharacter injection exists in the YPTSocket notification branch within the plugin/Live/on publish.php file. The application constructs a command line for the execAsync function usin...
PT-2026-41321
Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...
CVE-2026-39054
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary...
PT-2026-41314
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...
oinone-pamirs 命令注入漏洞
Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a command injection vulnerability. This vulnerability stems from the CommandHelper.executeCommands method, which initiates shell processes and directly writes the...
CVE-2026-39054
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the process standard input without sanitization. In affected deployments, this can result in arbitrary...
CVE-2026-45369
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...
CVE-2026-44666
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...
utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
Summary The substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...
GHSA-33P6-5JXP-P3X4 utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
Summary The substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix or powershell.exe -Command Windows, allowing an attacker to...
EUVD-2026-30480
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...
CVE-2026-44666
HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString function in convertCore.php is missing backtick and tab \t from its strip list. User input then reaches shellexec, where the shell interprets these characters and commands...
GHSA-72W5-PF8H-XFP4 DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
Summary The taskcreate tool spawns durable sub-agents that inherit two insecure defaults: - allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue - autoapprove defaults to true taskmanager.rs:297: autoapprove: Sometrue When a user approves a taskcreate call which requires...
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
Summary The taskcreate tool spawns durable sub-agents that inherit two insecure defaults: - allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue - autoapprove defaults to true taskmanager.rs:297: autoapprove: Sometrue When a user approves a taskcreate call which requires...
CVE-2026-45369 python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...
CVE-2026-45369 python-utcp: Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...
CVE-2026-45369
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the substituteutcpargs method in clicommunicationprotocol.py inserts user-controlled toolargs values directly into shell command strings without any sanitization or escaping. These commands are then executed via /bin/bash -c Unix o...