CVE-2026-9255

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

CVE-2026-9255 Tool Execution Without Authorization via Piped Stdin in Kiro CLI

Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...

CVE-2026-9255

Kiro CLI vulnerability CVE-2026-9255 affects kiro-cli prior to version 1.28.0. Missing input source validation in the tool authorization prompt allows a local attacker to run arbitrary tools, including shell commands, by piping crafted content to kiro-cli via stdin. This is a local-attack risk wi...

CLSA-2026-1779368297 polkit: Fix of CVE-2026-4897

CVE-2026-4897: Fix unbounded stdin reads that allow local user to trigger OOM and DoS in setuid helper; add input length checks and limit allocations...

EUVD-2026-30964

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

CVE-2026-47091

Claude HUD up to version 0.0.12 is affected by a path traversal flaw exposed by an unvalidated transcript_path in stdin JSON. The vulnerability lets an attacker read arbitrary files readable by the process, and the accessed file metadata is written to a persistent cache file with insufficient per...

CVE-2026-39054

CVE-2026-39054 affects Oinone Pamirs 7.0.0. A vulnerability in CommandHelper.executeCommands allows command injection: the code starts a shell process and writes attacker-controlled command strings directly to stdin without sanitization, enabling arbitrary OS command execution in affected deploym...

oinone-pamirs 命令注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a command injection vulnerability. This vulnerability stems from the CommandHelper.executeCommands method, which initiates shell processes and directly writes the...

PT-2026-38380

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.31.0 Description An unauthenticated remote attacker can achieve OS command execution via the '/forms/pdfengines/metadata/write' endpoint. The application accepts a JSON metadata object and passes its keys to...

Astra Linux - уязвимость в imagemagick

ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image e.g., for resize, the convert process could be left waiting for stdin input...

Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)

Vulnerability Details CWE: CWE-20 - Improper Input Validation The metadata value sanitization introduced in v8.30.1 commit 405f106 only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString, which writes them as fmt.Fprintlne.stdin,...

GHSA-Q7R4-HC83-HF2Q Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix)

Vulnerability Details CWE: CWE-20 - Improper Input Validation The metadata value sanitization introduced in v8.30.1 commit 405f106 only validates metadata KEYS via safeKeyPattern regex. Metadata VALUES are passed unsanitized to go-exiftool SetString, which writes them as fmt.Fprintlne.stdin,...

UBUNTU-CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

CVE-2026-32022

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...

CVE-2026-4897

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded input can lead to an out-of-memory OOM condition, resulting in a Denial of Service DoS for the...

Linux Distros Unpatched Vulnerability : CVE-2026-4897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary vi...

CVE-2026-32909

Rejected reason: This CVE ID has been rejected...

CVE-2026-32909

...

CVE-2026-32022

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...

CVE-2026-32022

OpenClaw versions prior to 2026.2.21 contain a stdin-only policy bypass vulnerability in the grep tool within tools.exec.safeBins that allows attackers to read arbitrary files by supplying a pattern via the -e flag parameter. Attackers can include a positional filename operand to bypass file acce...