This page collects WhisperX intelligence signals tagged #CWE-78. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security audit of the PraisonAI codebase has revealed 29 unaddressed shell injection vulnerabilities, classified as CWE-78, posing a direct risk of arbitrary command execution. These high-risk flaws persist despite a recent security push that successfully patched other issues, indicating a deliberate deferra...
A high-severity security vulnerability has been flagged in a project's test suite, exposing a potential shell injection risk. The automated security scanner Bandit identified a `subprocess.Popen` call configured with `shell=True` in the file `tests/unit_tests/fixtures/bash_mock.py` at line 27. This pattern, classified ...
A high-severity security vulnerability has been flagged in a key automation script, exposing the codebase to potential shell injection attacks. The automated scanner `bandit` identified the use of `subprocess.Popen` with `shell=True` in the file `scripts/cypress_run.py` at line 83. This coding pattern, classified under...
A high-severity security vulnerability has been flagged in a GitHub project's environment-checking script. The automated security scanner Bandit identified a `subprocess.Popen` call with `shell=True` in the file `scripts/check-env.py` at line 50. This coding pattern, classified under CWE-78 (Improper Neutralization of ...
A high-severity security vulnerability has been flagged in the project's release automation code. The automated security scanner `bandit` identified a `B605` rule violation—'Start Process With A Shell'—on line 281 of the `RELEASING/changelog.py` file. This class of vulnerability, categorized under CWE-78 (Improper Neut...
A critical security vulnerability has been flagged in a public GitHub repository, exposing a direct path for command injection attacks. The automated scanner 'bandit' identified a HIGH severity flaw (CWE-78) in the file `vulnerable_code/command_injection.py`. The issue stems from the dangerous use of `subprocess.call()...
A high-severity security vulnerability has been flagged within a project's test suite, exposing a potential command injection vector. The automated security scanner Bandit identified a `subprocess.Popen` call configured with `shell=True` in the file `tests/unit_tests/fixtures/bash_mock.py` at line 27. This pattern, cla...
A high-severity security vulnerability has been flagged in a key automation script, exposing a potential command injection attack vector. The automated security scanner Bandit identified the issue as rule B602 (CWE-78) within the file `scripts/cypress_run.py` at line 83. The core of the vulnerability is the use of `sub...
A high-severity security vulnerability has been flagged in the project's release automation code. The automated security scanner Bandit identified a 'Start Process With A Shell' flaw (Rule B605) on line 281 of the `RELEASING/changelog.py` file. This class of vulnerability, categorized under CWE-78, indicates a potentia...
A high-severity security vulnerability has been flagged in a key automation script, exposing the codebase to potential shell injection attacks. The scanner identified a `subprocess.Popen` call configured with `shell=True` in the file `scripts/cypress_run.py` at line 83. This configuration is a known security anti-patte...
A critical security flaw has been flagged in the Apache Superset codebase, exposing a potential command injection vulnerability. The automated security scanner 'bandit' identified a HIGH severity issue (CWE-78) in a file named `command_injection.py`. The vulnerability stems from the unsafe use of `os.system()` with uns...
A high-severity security flaw has been flagged within the Apache Superset project's codebase, exposing a potential command injection vulnerability. The automated security scanner Bandit identified a critical issue in the file `command_injection.py` at line 22, where a `subprocess.call()` function is executed with `shel...
A high-severity security flaw has been flagged within the Apache Superset codebase, exposing a potential command injection vulnerability. The automated security scanner 'bandit' identified a critical instance where the Python subprocess module is invoked with the dangerous `shell=True` parameter. This configuration all...
A critical security vulnerability in a Python application's `app.py` file allows remote attackers to execute arbitrary system commands on the host server. The flaw, classified as OS Command Injection (CWE-78), is located in the `search` function at line 120, where unsanitized user input is directly interpolated into a ...
A critical security regression has been identified in the staging environment at commit 36240c75, involving the deleteViaEphemeral function. The vulnerability, catalogued as F1502 under CWE-78 (OS Command Injection), stems from shell string concatenation in the deletion logic. The affected code constructs the command a...
A serious OS command injection flaw has been identified and patched in workspace-server, potentially allowing malicious actors to delete files outside the intended `/configs` volume directory. The vulnerability, designated F1085 and classified as CWE-78, stems from how the `deleteViaEphemeral` function constructs shell...
A critical scope vulnerability has been identified in the `deleteViaEphemeral` utility function, classified under F1085 and mapped to CWE-78 and CWE-22. The flaw causes the function to delete the entire `/configs` volume mount rather than scoped individual files, representing a severe data destruction risk for any syst...
A critical security vulnerability tracked as CVE-2026-42454 has been disclosed in Termix-SSH, affecting all versions prior to 2.1.0. The flaw enables authenticated users to execute arbitrary operating system commands through the containerId parameter, creating a direct pathway to remote code execution on managed server...
A critical OS command injection vulnerability has been identified in pgAdmin 4, the widely-used open-source administration platform for PostgreSQL databases. Tracked as CVE-2026-7816 and assigned a CVSS score of 8.8 (High), the flaw resides in the Import/Export query export functionality, where user-supplied input is c...