Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versio...

OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0.

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two doubl...

Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may le...

OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to execute OS commands on the device via ...

AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow local users to execute arbitrary commands in a privileged context via an NfSen socket, aka AlienVault ID ENG-104863.