
60 matches found

Cvelist
added 2026/06/10 5:20 p.m., 24 views

CVE-2026-46618 Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command...

CVSS: 6.9, EPSS: 0.00364
Exploits: 0, References: 3

Vulnrichment
added 2026/06/10 5:20 p.m., 4 views

CVE-2026-46618 Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00364
Exploits: 0, References: 3

RedhatCVE
added 2026/06/05 7:21 p.m., 8 views

CVE-2026-41497

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

CVSS: 9.8, AI score: 6, EPSS: 0.00541
Exploits: 2, References: 1

Vulnrichment
added 2026/05/08 1:23 p.m., 8 views

CVE-2026-41497 Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

CVSS: 9.8, AI score: 6.3, EPSS: 0.00824
Exploits: 2, References: 2

CNNVD
added 2026/05/08 12:00 a.m., 6 views

PraisonAI Command Injection Vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 had a command injection vulnerability. This vulnerability stemmed from the lack of a command whitelist or parameter validation in the MCP command processing mechanism,...

CVSS: 9.8, AI score: 6, EPSS: 0.00541
Exploits: 2, References: 1

EUVD
added 2026/03/24 9:31 p.m., 3 views

EUVD-2026-14949

IDrive’s idservice.exe process runs with elevated privileges and regularly reads from several files under the C:\ProgramData\IDrive\ directory. The UTF16-LE encoded contents of these files are used as arguments for starting a process, but they can be edited by any standard user logged into the...

AI score: 5.9, EPSS: 0.00171
Exploits: 0, References: 3

CVE
added 2026/03/24 6:00 p.m., 17 views

CVE-2026-1995

CVE-2026-1995 – IDrive for Windows privilege escalation: The id_service.exe process runs with SYSTEM privileges and reads UTF-16LE files under C:\ProgramData\IDrive. Any standard user can edit these files, enabling an attacker to overwrite or point the file contents to an arbitrary executable. T...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00171
Exploits: 0, References: 2

RedhatCVE
added 2026/03/03 7:42 a.m., 5 views

CVE-2026-2999

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00508
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/02 5:59 a.m., 6 views

CVE-2026-2999

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00508
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/03/02 5:59 a.m., 21 views

CVE-2026-2999 Changing|IDExpert Windows Logon Agent - Remote Code Execution

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...

CVSS: 9.8, EPSS: 0.00508
Exploits: 0, References: 3

Vulnrichment
added 2026/03/02 5:59 a.m., 4 views

CVE-2026-2999 Changing|IDExpert Windows Logon Agent - Remote Code Execution

IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from a remote source and execute them...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00508
Exploits: 0, References: 3

CVE
added 2026/03/02 5:59 a.m., 20 views

CVE-2026-2999

CVE-2026-2999 affects IDExpert Windows Logon Agent by Changing. Described vulnerability: unauthenticated remote RCE that enables forcing the system to download and execute arbitrary executables from a remote source. The provided documents do not specify affected versions, root cause details beyon...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00508
Exploits: 0, References: 3, Affected Software: 1

CNNVD
added 2026/03/02 12:00 a.m., 4 views

Changing IDExpert Windows Logon Agent Security Vulnerability

Changing IDExpert Windows Logon Agent is an identity authentication client software developed by Changing, a company based in Taiwan, China. This software is designed to enhance security during Windows login processes. Changing IDExpert Windows Logon Agent contains a security vulnerability that...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00508
Exploits: 0, References: 3

ATTACKERKB
added 2026/02/16 12:10 p.m., 7 views

CVE-2026-1046

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

CVSS: 7.6, AI score: 5.9, EPSS: 0.00235
Exploits: 0, References: 2

Positive Technologies
added 2026/02/16 12:00 a.m., 5 views

PT-2026-8342

Name of the Vulnerable Software and Affected Versions: Mattermost versions 5.2.13.0 and earlier, versions 6.0 and 6.2.0 and earlier. Description: The Mattermost Desktop App does not properly validate help links. This allows a malicious Mattermost server to execute arbitrary executables on a user’s...

CVSS: 7.6, AI score: 5.7, EPSS: 0.00235
Exploits: 0, References: 4

CNNVD
added 2026/02/09 12:00 a.m., 5 views

FUXA Security Vulnerability

FUXA is a web-based process visualization software developed by frangoteam. Versions 1.2.8 to 1.2.10 of FUXA have security vulnerabilities. These vulnerabilities stem from authorization bypasses, which may allow unverified remote attackers to create and modify arbitrary executables...

CVSS: 9.3, AI score: 6, EPSS: 0.12047
Exploits: 1, References: 3

Vulnrichment
added 2025/10/23 12:00 a.m., 3 views

CVE-2025-54964

An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the Job Service is configured for local-only access, this may allow for privilege escalation in certain situations. If the Job Service is...

AI score: 7.3, EPSS: 0.00284
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-37257

Malicious code in bioql PyPI...

CVSS: 7.3, AI score: 6.6, EPSS: 0.00322
Exploits: 0, References: 1

RedhatCVE
added 2025/10/01 12:42 a.m., 7 views

CVE-2025-56513

NiceHash QuickMiner 6.12.0 performs software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update URL can hijack the update process and deliver arbitrary executables that are automatically executed,...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00406
Exploits: 2, References: 1

OSV
added 2025/09/30 6:15 p.m., 2 views

CVE-2025-56513

NiceHash QuickMiner 6.12.0 performs software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update URL can hijack the update process and deliver arbitrary executables that are automatically executed,...

CVSS: 9.8, AI score: 6.3, EPSS: 0.00406
Exploits: 2, References: 2