Github Security Blog (added 2026/04/06 5:56 p.m.)

Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation

Vulnerability Details CWE: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic All 66+ CQL queries in internal/storage/db/cassandradb/ use fmt.Sprintf to interpolate user-controlled values directly into CQL query strings without parameterization. Unauthenticated endpoints...

AI score: 6.1
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment (added 2026/03/11 5:17 p.m.)

CVE-2026-31862 Cloud CLI has Command Injection via Multiple Parameters

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to...

CVSS: 9.1 | AI score: 6 | EPSS: 0.00082
Exploits: 0 | References: 2
Github Security Blog (added 2026/03/06 6:39 p.m.)

defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag

Summary: The findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping (TypeScript: `html += ;`). An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.0002
Exploits: 1 | References: 4 | Affected Software: 1
OSV (added 2026/03/06 6:39 p.m.)

GHSA-5MQ8-78GM-PJMQ defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag

Summary: The findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping (TypeScript: `html += ;`). An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0002
Exploits: 1 | References: 4
NVD (added 2023/06/09 12:15 a.m.)

CVE-2023-34112

JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the bytedeco/javacpp-presets use the github.event.head_commit.message parameter in an insecure way. For example, the commit message is used in a run statement, resulting in a command injection...

CVSS: 8.8 | AI score: 6 | EPSS: 0.0192
Exploits: 1 | References: 2
Vulnrichment (added 2023/04/24 9:03 p.m.)

CVE-2023-30623 Arbitrary command injection in embano1/wip

embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pull_request.title parameter in an insecure way. The title parameter is used in a run statement, resulting in a command injection vulnerability due to string interpolation. This...

CVSS: 8.8 | AI score: 9 | EPSS: 0.04619
Exploits: 1 | References: 3
Cvelist (added 2023/04/24 9:03 p.m.)

CVE-2023-30623 Arbitrary command injection in embano1/wip

embano1/wip is a GitHub Action written in Bash. Prior to version 2, the embano1/wip action uses the github.event.pull_request.title parameter in an insecure way. The title parameter is used in a run statement, resulting in a command injection vulnerability due to string interpolation. This...

CVSS: 8.8 | AI score: 9.2 | EPSS: 0.04619
Exploits: 1 | References: 3
Debian CVE (added 2023/04/06 3:50 p.m.)

CVE-2023-24538

Templates do not properly consider backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00759
Exploits: 0
NCSC (added 2022/10/18 12:00 a.m.)

Vulnerability fixed in Apache Commons Text

A vulnerability has been fixed in Apache Commons Text. The vulnerability potentially allows an unauthenticated remote attacker to execute arbitrary code with the privileges of the vulnerable application. To do so, the attacker must have specific text processed by the vulnerable...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.94251
Exploits: 41
Hacker One (added 2020/11/20 7:38 p.m.)

HackerOne: Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission

The HackerOne directory contains profiles of bug bounty and vulnerability disclosure programs that aren't managed on HackerOne. These profiles can be claimed by the organization that manages them. As part of this flow, the organization needs to enter an email address to confirm its affiliation with the...

AI score: 0.2
Exploits: 0
Veracode (added 2017/03/17 3:24 a.m.)

Remote Code Execution (RCE) Through Eval

heist is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because the eval code for strings leads to Kernel.eval and allows string interpolation to happen. This can eventually lead to a sandbox escape and remote code execution. The following code illustrates the issue RCE...

AI score: 7.9
Exploits: 0
Hacker One (added 2015/12/15 4:47 a.m.)

Square Open Source: Unsafe usage of Ruby string interpolation enabling command injection in git-fastclone

While testing git-fastclone for the ext protocol issues in my other report, I looked at the source code and immediately noticed you're using the Cocaine0 library unsafely. Cocaine will protect from command injection but it "only does that for arguments interpolated via run, NOT arguments passed...

CVSS: 10 | AI score: 9.5 | EPSS: 0.02489
Exploits: 1