Lucene search
K

420 matches found

Github Security Blog
Github Security Blog
added 2026/03/31 10:43 p.m.6 views

baserCMS has OS command injection vulnerability in installer

baserCMS has an OS command injection vulnerability in the installer. Target baserCMS 5.2.2 and earlier versions Vulnerability If baserCMS is placed on a server but not installed, malicious commands may be executed. Countermeasures Update to the latest version of baserCMS Please refer to the...

9.8CVSS7.1AI score0.02059EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/03/31 12:45 a.m.10 views

CVE-2026-30877

baserCMS (website development framework) has an OS command injection in the update functionality prior to v5.2.3. An authenticated administrator can run arbitrary OS commands on the server with the baserCMS process user privileges. The issue is fixed in version 5.2.3 per CVE-2026-30877 (NVD and C...

9.1CVSS6AI score0.01516EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

wenxian 操作系统命令注入漏洞

Wenxian is a tool developed by Jinzhe Zeng as a reference format generator based on document identifiers. Versions of Wenxian 0.3.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of unvalidated user input directly in...

9.8CVSS6.1AI score0.02172EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29100

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...

6.3AI score0.01145EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.8 views

Cline 安全漏洞

Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy developers. Cline has a security vulnerability, which stems from a vulnerability in the command autentication module—specifically, an OS command injection vulnerability—potentially allowing remote code...

9.8CVSS6.1AI score0.01145EPSS
Exploits0References3
CVE
CVE
added 2026/03/30 12:0 a.m.11 views

CVE-2026-30307

Summary: CVE-2026-30307 affects Roo Code’s command auto-approval module. The vulnerability stems from parsing command structures with fragile regular expressions that do not account for Shell command substitution (e.g., $(...) and backticks). An attacker can craft a command like: git log --grep="...

9.8CVSS6.3AI score0.01145EPSS
Exploits0References2Affected Software1
GithubExploit
GithubExploit
added 2026/03/27 11:4 p.m.194 views

websec-payloads

Web Security Payloads & Exploitation Reference Comprehensiv...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/27 5:24 a.m.2 views

CVE-2026-27650

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products...

8.8CVSS7.3AI score0.00922EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.7 views

PT-2026-28648

Name of the Vulnerable Software and Affected Versions NEC Platforms, Ltd. Aterm Series affected versions not specified Description An OS Command Injection issue exists in NEC Platforms, Ltd. Aterm Series. This allows a malicious actor to execute arbitrary OS commands through the network...

7.1CVSS6.1AI score0.00864EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 8:33 p.m.5 views

GO-2026-4823 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution in github.com/pinchtab/pinchtab

PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution in github.com/pinchtab/pinchtab...

7.2CVSS5.9AI score0.02904EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.6 views

CVE-2026-4496

A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function childprocess.exec of the file src/gitUtils.ts of the component showmergediff/quickmergesummary/showfilediff. The manipulation results in os command...

5.3CVSS5.5AI score0.00697EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 3:16 p.m.4 views

CVE-2026-26830

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...

9.8CVSS0.02493EPSS
Exploits4References3
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

textract 安全漏洞

Textract is a text extraction tool developed by David Bashford, which supports multiple formats. Textract versions 2.5.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from unvalidated file path parameters, which could lead to OS command injection attacks...

9.8CVSS5.8AI score0.02421EPSS
Exploits4References6
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

pdf-image 安全漏洞

pdf-image is a Node.js tool developed by Masafumi Oyamada for converting PDFs to PNG images. Versions of pdf-image 2.0.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the fact that the pdfFilePath parameter is not verified, which may lead to OS command injection...

9.8CVSS5.8AI score0.02493EPSS
Exploits4References3
NVD
NVD
added 2026/03/23 10:16 p.m.6 views

CVE-2026-4611

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360B20241207/9.4.0cu.1498B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...

8.8CVSS0.03034EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/23 8:43 p.m.4 views

EUVD-2026-14612

Indico discloses local files resulting in Remote Code Execution through LaTeX injection...

7.7CVSS5.9AI score0.00782EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/23 3:15 p.m.28 views

CVE-2026-4591 kalcaddle kodbox fileThumb Endpoint app.php checkBin os command injection

A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit...

5.8CVSS0.02097EPSS
Exploits0References4
OSV
OSV
added 2026/03/23 2:10 p.m.3 views

CVE-2026-33482 AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails ...

8.1CVSS6.1AI score0.02061EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-27220

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360 B20241207/9.4.0cu.1498 B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname can lead to os command injection. The attack may be launched remotely...

8.6CVSS6.8AI score0.03034EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

WWBN AVideo 操作系统命令注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the fact that the restreamer endpoint directly concatenated user inp...

8.8CVSS5.8AI score0.00612EPSS
Exploits1References2
Rows per page
Query Builder