CVE-2026-30898 Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf

An example of BashOperator in Airflow documentation suggested a way of passing dagrun.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advi...

CVE-2026-30898 Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf

An example of BashOperator in Airflow documentation suggested a way of passing dagrun.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advi...

CVE-2026-30898

CVE-2026-30898 concerns Apache Airflow where BashOperator usage documented in DAGs could pass dag_run.conf unsafely, enabling UI user privileges to execute code on workers. The issue arises from an example that could escalate privileges via shell injection-like behavior. The connected OSV entry c...

CVE-2026-35582 Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The INFILEENDING and...

EUVD-2026-23502

Dolibarr: OS Command Injection RCE via MAINODTASPDF configuration...

Updated cockpit-338 packages fix security vulnerability

Unauthenticated remote code execution due to ssh command-line argument injection. CVE-2026-4631...

AlmaLinux 9 : cockpitUnauthenticated remote code execution due to SSH command-line argument injection (Critical) (ALSA-2026:7384)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7384 advisory. cockpit: ws: be more explicit when handling hostnames on cli CVE-2026-4631 Tenable has extracted the preceding description block directly from the AlmaLinux securi...

SUSE CVE-2026-35580

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could...

CVE-2026-40111

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

RHSA-2026:7382 Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Bulletin has no description...

EUVD-2026-21152

PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor memory/hooks.py...

Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: ws: be more explicit when handling hostnames on cli...

CVE-2026-33791 Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set...

CVE-2026-33791

CVE-2026-33791 affects Junos OS and Junos OS Evolved. The vulnerability lies in the CLI processing of certain crafted set system commands, where arguments are not properly sanitized, enabling an attacker with local, high privileges to inject arbitrary shell commands that execute as root. This can...

CVE-2026-21915 JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...

CVE-2026-21915 JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...

CVE-2026-40088

PraisonAI is a multi-agent teams system. Prior to 4.5.121, the executecommand function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls, allowing attackers to inject arbitrary shell commands through shell...

PT-2026-31780

Name of the Vulnerable Software and Affected Versions PraisonAIAgents versions prior to 1.5.128 Description PraisonAIAgents is a multi-agent teams system. The memory hooks executor in PraisonAIAgents passes a user-controlled command string directly to subprocess.run with shell=True at...

CVE-2026-35581

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell commands by concatenating configuration-derived values — including the PLACENAME parameter — with insufficient sanitization. Only spaces were replaced with underscores, allowing she...

EUVD-2026-19728

Emissary has GitHub Actions Shell Injection via Workflow Inputs...