
14 matches found

Cvelist
added 2026/06/10 7:52 p.m., 27 views

CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.7.1, on POSIX, escapeshellarg('/usr/bin/wkhtmltopdf') returns the literal string '/usr/bin/wkhtmltopdf' with the single-quote characters included. is_executable then looks for a file...

CVSS 7.5, EPSS 0.00147. Exploits: 0, References: 2
CVE
added 2026/06/10 7:52 p.m., 11 views

CVE-2026-46643

CVE-2026-46643 affects KnpLabs Snappy (knplabs/knp-snappy) on POSIX, where escapeshellarg('/usr/bin/wkhtmltopdf') may still leave $command unescaped due to a faulty is_executable check. This allows command execution when the binary path is influenced by user input or environment data, as the saf...

CVSS 7.5, AI score 5.5, EPSS 0.00147. Exploits: 0, References: 2
AstraLinux
added 2026/05/03 11:59 p.m., 5 views

Astra Linux – Vulnerability in Gegl

The load_cache function in GEGL before version 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This issue arises from the use of the system library function to execute the ImageMagick convert fallback in magick-load. NOTE: GEGL versions...

CVSS 7.8, AI score 7.5, EPSS 0.01439. Exploits: 0, References: 2
Positive Technologies
added 2026/02/02 12:00 a.m., 6 views

PT-2026-5742

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.1.29. Description: OpenClaw is a personal AI assistant with an OS command injection issue. The sshNodeCommand function improperly escapes user-supplied project paths, leading to potential arbitrary command executi...

CVSS 7.7, AI score 6.2, EPSS 0.00935. Exploits: 1, References: 22
Github Security Blog
added 2025/08/11 11:07 p.m., 6 views

Litestar has potential log injection in exception logging

Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or log_exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats unquot...

AI score 7.3. Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/08/11 11:07 p.m., 7 views

GHSA-674P-XV2X-RF3G Litestar has potential log injection in exception logging

Summary: Litestar does not escape URL paths when logging exceptions. This makes the logger vulnerable to CRLF injection if the logging level is configured to debug or log_exceptions is set to "always", which allows attackers to inject newlines and forge log entries. Details: Litestar directly formats unquot...

CVSS 3.7, AI score 7.3. Exploits: 0, References: 3
CNNVD
added 2025/06/05 12:00 a.m., 3 views

Django Security Vulnerability

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-relational mapper, view system, template system, and more. A security vulnerability exists in Django versions prior to 5.2.2, prior to 5.1.10, and prio...

CVSS 5.3, AI score 7.7, EPSS 0.006. Exploits: 0, References: 10
OSV
added 2024/03/21 6:59 p.m., 2 views

GHSA-WR3J-PWJ9-HQQ6 Path traversal in webpack-dev-middleware

Summary: The webpack-dev-middleware middleware does not validate the supplied URL sufficiently before returning the local file. It is possible to access any file on the developer's machine. Details: The middleware can either work with the physical filesystem when reading the files or it can...

CVSS 7.4, AI score 7.1, EPSS 0.01199. Exploits: 1, References: 11
SUSE CVE
added 2023/02/15 3:36 a.m., 2 views

SUSE CVE-2021-45463

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...

CVSS 7.8, AI score 7.2, EPSS 0.01439. Exploits: 0, References: 8
OSV
added 2021/12/23 6:15 a.m., 1 view

DEBIAN-CVE-2021-45463

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...

CVSS 7.8, AI score 7.5, EPSS 0.01439. Exploits: 0, References: 1
OSV
added 2021/12/23 6:15 a.m., 2 views

UBUNTU-CVE-2021-45463

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...

CVSS 7.8, AI score 7.2, EPSS 0.01439. Exploits: 0, References: 8
OSV
added 2021/08/09 11:15 p.m., 1 view

CVE-2020-23151

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped...

CVSS 9.8, AI score 5.8, EPSS 0.05718. Exploits: 1, References: 2
CNNVD
added 2021/08/09 12:00 a.m., 3 views

rConfig Operating System Command Injection Vulnerability

rConfig is an open source network configuration management utility. An operating system command injection vulnerability exists in rConfig version 3.9.5, which stems from the rConfig path parameter being passed directly to the exec function without being escaped. The vulnerability can be...

CVSS 9.8, AI score 8.3, EPSS 0.05718. Exploits: 1, References: 2
Snyk
added 2019/11/07 3:51 p.m., 1 view

Cross-site Scripting (XSS)

Overview: iobroker.web is a web server based on Node.js and Express that serves files from the ioBroker DB. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Characters in the GET URL path are not properly escaped and can be reflected in the server response. Details...

CVSS 6.5, AI score 5.3, EPSS 0.00679. Exploits: 0, References: 3