45064 matches found
EUVD-2026-40172
luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...
CVE-2026-12856
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
CVE-2026-12856
A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Markdown content in JavaDoc hovers, allowing a malicious Java file to include hidden commands. If a user clicks a specially crafted link within a JavaDo...
PYSEC-2026-418 MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...
PYSEC-2026-330 EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)
Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. Thi...
PYSEC-2026-483 PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...
PYSEC-2026-484 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code
Summary executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary OS command execution on the host. Details pythontools.py:2...
PYSEC-2026-487 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
Summary The memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py lines 303 to 305. No sanitization, no shlex.quote, no character filter, and no allowlist check exists...
PYSEC-2026-471 PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command()
Summary The --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command execution as the process user. Details cli/features/mcp.py:61 source -...
PYSEC-2026-422 MLFlow Path Traversal Vulnerability
A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information...
PYSEC-2026-417 Remote Code Execution due to Full Controled File Write in mlflow
The mlflow web server includes tools for tracking experiments, packaging code into reproducible runs, and sharing and deploying models. As this vulnerability allows to write / overwrite any file on the file system, it gives a lot of ways to archive code execution like overwriting /home//.bashrc. ...
PYSEC-2026-352 H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...
PYSEC-2026-310 changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Summary A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Details changedetection.io version: 0.45.20 docker images REPOSITORY TAG IMAGE ID CREATED SIZE dgtlmoon/changedetection.io latest...
PYSEC-2026-450 pgadmin4 has a Meta-Command Filter Command Execution
The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark EF BB BF or other special byte sequences. The implemented filter uses the function hasmetacommands, which scans raw...
PYSEC-2026-409 mcp-kubernetes-server has an OS Command Injection vulnerability
feiskyer/mcp-kubernetes-server through 0.1.11 allows OS command injection via the /mcp/kubectl endpoint. The handler constructs a shell command with user-supplied arguments and executes it with subprocess using shell=True, enabling injection through shell metacharacters e.g., ;, &&, $, even when...
PYSEC-2026-281 Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
APKLeaks prior to v2.0.4 allows remote authenticated attackers to execute arbitrary OS commands via package name inside the application manifest. Impact An authenticated attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
TerraMaster TOS - Unauthenticated Remote Command Execution
TerraMaster TOS = 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter. id: CVE-2020-28188 info: name: TerraMaster TOS - Unauthenticated Remote Command Execution...
SPIP - Remote Command Execution
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. id: CVE-2023-27372 info: name: SPIP - Remote Command Execution author: DhiyaneshDK,nuts7 severity: critical description: ...
PT-2026-53737
Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description An authenticated command injection issue exists in the Destination Network Management functionality. Users with destination management permissions can execute arbitrary commands as root on...