19 matches found
OS Command Injection
tkeasygui is vulnerable to OS Command Injection. The vulnerability is due to settings that construct messages from external sources without validation, allowing attackers to supply crafted input (e.g., shell metacharacters) to execute arbitrary OS commands...
Uncontrolled Search Path Element
tkeasygui is vulnerable to Uncontrolled Search Path Element. The vulnerability is due to improper control over the directories searched for executable files, which allows an attacker to place malicious files in a trusted path and execute arbitrary code with the privileges of the running program...
EUVD-2025-26998
Malicious code in bioql PyPI...
TkEasyGUI Affected by Uncontrolled Search Path Element Issue
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program...
GHSA-PH2W-CX28-VHRQ TkEasyGUI Affected by Uncontrolled Search Path Element Issue
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program...
GHSA-HFRJ-3W3G-JV32 TkEasyGUI Vulnerable to OS Command Injection
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...
TkEasyGUI Vulnerable to OS Command Injection
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...
CVE-2025-55037
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...
CVE-2025-55671
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program...
CVE-2025-55037
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...
Multiple vulnerabilities in TkEasyGUI
Overview: TkEasyGUI provided by kujirahand contains multiple vulnerabilities listed below. OS command injection (CWE-78) - CVE-2025-55037; Uncontrolled search path element (CWE-427) - CVE-2025-55671. Satoki Tsuji of Ikotas Labs, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the...
Command Injection
Overview: TkEasyGUI is a simple GUI library for Python3 with Tkinter. Affected versions of this package are vulnerable to Command Injection via improper neutralization of special elements in the popupnotify method. An attacker can execute arbitrary operating system commands by sending...
CVE-2025-55671
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program...
CVE-2025-55037
TkEasyGUI (Python) has an OS command injection vulnerability (CVE-2025-55037) affecting versions prior to v1.0.22. The issue arises from improper neutralization of special elements used in OS commands, enabling a remote unauthenticated attacker to execute arbitrary commands when messages are cons...
CVE-2025-55037
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...
PT-2025-36112
Name of the Vulnerable Software and Affected Versions: TkEasyGUI versions prior to 1.0.22. Description: An uncontrolled search path element issue exists that may lead to arbitrary code execution with the privileges of the running program. Recommendations: Update TkEasyGUI to version 1.0.22 or late...
TkEasyGUI Code Issue Vulnerability
TkEasyGUI is a Python GUI library by the individual developer kujirahand. A code issue vulnerability exists in TkEasyGUI versions prior to 1.0.22, which stems from improper control of the search path element and could allow execution of arbitrary code with the privileges of the running program...
PT-2025-36111
Name of the Vulnerable Software and Affected Versions: TkEasyGUI versions prior to 1.0.22. Description: An OS Command Injection issue exists in TkEasyGUI. If exploited, an unauthenticated remote attacker may execute arbitrary OS commands if the settings are configured to construct messages from...
TkEasyGUI OS Command Injection Vulnerability
TkEasyGUI is a Python GUI library by the individual developer kujirahand. An operating system command injection vulnerability exists in TkEasyGUI versions prior to 1.0.22, which stems from improper neutralization of a special element and could allow a remote, unauthenticated attacker to execut...