CVE-2026-22688

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

EUVD-2026-1879

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

CVE-2026-22688

WeKnora is vulnerable to a command-injection in MCP stdio settings (stdio_config.command/args) that can cause the server to execute subprocesses when a user is authenticated. Affected: WeKnora prior to v0.2.5; patched in v0.2.5. The issue is triggered via MCP stdio configuration values and has be...

CVE-2026-22688 WeKnora has Command Injection in MCP stdio test

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

GHSA-78H3-63C4-5FQC WeKnora has Command Injection in MCP stdio test

Vulnerability Description --- Vulnerability Overview This issue is a command injection vulnerability CWE-78 that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...

PT-2026-1993

Name of the Vulnerable Software and Affected Versions GPT Academic affected versions not specified Description A flaw exists in the run in subprocess wrapper func function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation...

PT-2025-49043

Name of the Vulnerable Software and Affected Versions Thermo Fisher Torrent Suite Django application version 5.18.1 Description A remote code execution issue exists in the network configuration functionality due to inadequate input validation when handling network configuration parameters via...

CVE-2025-54306

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative...

Command Injection

Overview claude-statusline is a Real-time session tracking and analytics for Claude Code Affected versions of this package are vulnerable to Command Injection due to improper handling of subprocess calls. The instancemanager.py module constructs shell commands using string interpolation and passe...

Command Injection

Overview talkpipe is a Python internal and external DSL for writing generative AI analytics Affected versions of this package are vulnerable to Command Injection via the talkpipe.util.os.runcommand function which use subprocess.Popen..., shell=True unsafe. An attacker can execute arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2025-60360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit. CVE-2025-60360 Note that Nessus relies on the presence of the package as...

SUSE CVE-2025-54469

A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...

CVE-2025-60360

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...

CVE-2025-60360

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...

CVE-2025-60360

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...

CVE-2025-60360

CVE-2025-60360 affects radare2 up to v5.9.8, where a memory leak in r2r_subprocess_init is reported. Multiple connected advisories (Ubuntu USN-7915-1, OSV, RH) describe the issue as memory leaks that could enable denial of service, with CVSSv3.1 metrics indicating a local attack vector, low attac...

EUVD-2025-34880

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...

Radare2 安全漏洞

Radare2 is a Libre reverse framework for Unix geeks open-sourced by Radare. A security vulnerability exists in radare2 version 5.9.8 and earlier, which stems from a memory leak in the r2rsubprocessinit function...

EUVD-2000-0268

Malware in sbrugna...

EUVD-2020-0028

Malware in sbrugna...