📄 Horilla 1.3 Remote Command Execution

Horilla versions 1.3 and below suffer from a remote command execution vulnerability. Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE...

📄 ZSH 5.9 Remote Command Execution

ZSH version 5.9 proof of concept remote command execution exploit. Exploit ZSH 5.9 - RCE Date: 30-12-2025 Exploit Author: sinanadilrana import pexpect import sys import time def debugprintmsg: printf"DEBUG msg" def returntogdbgdb, maxattempts=3, timeout=3: """More reliable function to return to G...

📄 Jumbo Website Manager Shell Upload

Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manage version 1.3.7. Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL:...

Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: ws: be more explicit when handling hostnames on cli...

SUSE CVE-2026-40024

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

CVE-2026-40153

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...

CVE-2026-40149

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured the default. By adding dangerous tool names e.g., shellexec, filewrite to the allowlist, a...

CVE-2026-40111

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

CVE-2026-33791 Junos OS and Junos OS Evolved: Execution of crafted CLI commands allows for arbitrary shell injection as root

An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set...

CVE-2026-33791

CVE-2026-33791 affects Junos OS and Junos OS Evolved. The vulnerability lies in the CLI processing of certain crafted set system commands, where arguments are not properly sanitized, enabling an attacker with local, high privileges to inject arbitrary shell commands that execute as root. This can...

JLSEC-2026-67

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...

JLSEC-2026-70

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or...

CVE-2025-13914 Apstra: SSH host key validation vulnerability for managed devices

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH...

CVE-2025-13914

CVE-2025-13914 concerns Juniper Networks Apstra SSH host key validation, described as a Key Exchange without Entity Authentication vulnerability. The issue enables an unauthenticated attacker to perform a man-in-the-middle attack on SSH connections from Apstra to managed devices, allowing imperso...

CVE-2026-40153

PraisonAIAgents is affected by CVE-2026-40153: prior to 1.5.128, execute_command in shell_tools.py expands environment variables via os.path.expandvars() for all command arguments, despite shell=False, enabling exfiltration of secrets (DB credentials, API keys, cloud keys). The approval UI also s...

CVE-2026-40153

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...

CVE-2026-40153 PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...

CVE-2026-40153 PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...

CVE-2026-21915 JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...

CVE-2026-21915 JSI Virtual Lightweight Collector: Shell escape allows privilege escalation to root

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for shell...