Title: HummerRisk <=1.5.0 Command Injection Description: HummerRisk version <=1.5.0 contains a critical immediate command injection vulnerability in its cloud task dry-run functionality. Attackers with permissions to execute dry-run tasks can inject arbitrary operating system commands through the fileName parameter, which is used directly in command construction without validation and executed immediately upon request. Source:  User: Ana10gy (UID 93358) Submission: 02/13/2026 09:39 AM (11 days ago) Moderation: 02/23/2026 07:51 PM (10 days later) Status: Accepted VulDB entry: 347416 [HummerRisk up to 1.5.0 Cloud Task Dry-run CloudTaskService.java CommandUtils.commonExecCmdWithResult fileName command injection] Points: 19