353 matches found
CVE-2026-Pending-Delegator-Command-Injection
CVE-2026-XXXXX Pending: Command Injection in delegator.py...
Azure Linux 3.0 Security Update: python3 (CVE-2023-6507)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6507 advisory. - An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython...
SUSE CVE-2026-22688
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...
CVE-2026-22688
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...
CVE-2026-22688
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...
CVE-2026-22688
WeKnora is vulnerable to a command-injection in MCP stdio settings (stdio_config.command/args) that can cause the server to execute subprocesses when a user is authenticated. Affected: WeKnora prior to v0.2.5; patched in v0.2.5. The issue is triggered via MCP stdio configuration values and has be...
EUVD-2026-1879
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...
CVE-2026-22688 WeKnora has Command Injection in MCP stdio test
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...
GHSA-78H3-63C4-5FQC WeKnora has Command Injection in MCP stdio test
Vulnerability Description --- Vulnerability Overview This issue is a command injection vulnerability CWE-78 that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute subprocesses using these injected values. The root causes are as...
PT-2026-1993
Name of the Vulnerable Software and Affected Versions GPT Academic affected versions not specified Description A flaw exists in the run in subprocess wrapper func function that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation...
CVE-2025-54306
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative...
PT-2025-49043
Name of the Vulnerable Software and Affected Versions Thermo Fisher Torrent Suite Django application version 5.18.1 Description A remote code execution issue exists in the network configuration functionality due to inadequate input validation when handling network configuration parameters via...
Command Injection
Overview claude-statusline is a Real-time session tracking and analytics for Claude Code Affected versions of this package are vulnerable to Command Injection due to improper handling of subprocess calls. The instancemanager.py module constructs shell commands using string interpolation and passe...
Command Injection
Overview talkpipe is a Python internal and external DSL for writing generative AI analytics Affected versions of this package are vulnerable to Command Injection via the talkpipe.util.os.runcommand function which use subprocess.Popen..., shell=True unsafe. An attacker can execute arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2025-60360
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit. CVE-2025-60360 Note that Nessus relies on the presence of the package as...
SUSE CVE-2025-54469
A vulnerability was identified in NeuVector, where the enforcer used environment variables CLUSTERRPCPORT and CLUSTERLANPORT to generate a command to be executed via popen, without first sanitising their values. The entry process of the enforcer container is the monitor process. When the enforcer...
CVE-2025-60360
radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...
CVE-2025-60360
radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...
Radare2 安全漏洞
Radare2 is a Libre reverse framework for Unix geeks open-sourced by Radare. A security vulnerability exists in radare2 version 5.9.8 and earlier, which stems from a memory leak in the r2rsubprocessinit function...
EUVD-2025-34880
radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit...