PT-2026-30721

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

📄 Fuel CMS 1.4.1 Remote Command Execution

Fuel CMS version 1.4.1 unauthenticated remote command execution exploit that leverages an issue discovered back in 2018. !/usr/bin/python3 Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution RCE via filter parameter Google Dork: intitle:"Welcome to Fuel CMS" inurl:/fuel/ Date: 2025-04-05 Exploi...

EUVD-2019-20107

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...

CVE-2019-25687

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...

CVE-2019-25671

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtueth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtueth0 field to...

CVE-2019-25687

Pegasus CMS 1.0 is affected by a remote code execution vulnerability in the extra_fields.php plugin. The flaw arises from unsafe eval usage, allowing unauthenticated attackers to send malicious PHP code via the action parameter in POST requests to submit.php, achieving code execution and an inter...

CVE-2019-25671 VA MAX 8.3.4 Remote Code Execution via changeip.php

VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the mtueth0 parameter. Attackers can send POST requests to the changeip.php endpoint with malicious payload in the mtueth0 field to...

actions-mkdocs: Command Injection via issue title in internal GitHub Actions workflow

Summary External input from github.event.issue.title is used unsafely in a shell command in .github/workflows/release-candidate.yaml, allowing command injection during workflow execution. Details In .github/workflows/release-candidate.yaml, the issue title is interpolated directly into a shell...

CVE-2026-34955

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

PT-2026-30388

Breaking CyberSecurity News For 2026.04.04 | Pithy Cyborg | Threats. Breaches. Intel. ➔ Google patched CVE-2026-5281, a use-after-free bug in Dawn WebGPU, marking the fourth Chrome zero-day exploited in the wild this year. Affected versions were updated to 146.0.7680.177/178 for Windows, macOS, a...

PT-2026-30336

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without authentication. Other endpoints in the CloneSite plugin directory enforce User::isAdmin. The log contains...

Linux Distros Unpatched Vulnerability : CVE-2026-35386

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on...

PraisonAI 操作系统命令注入漏洞

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the fact that SubprocessSandbox relies on string pattern matching to block dangerous commands in all modes and the block list does not...

SUSE CVE-2026-35386

In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in sshconfig...

CVE-2026-34937

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...

CVE-2026-34955 PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

CVE-2026-34955

CVE-2026-34955 relates to PraisonAI’s SubprocessSandbox (PraisonAI, version around 4.5.87 as shown in PoC) where all sandbox modes (BASIC, STRICT, NETWORK_ISOLATED) use subprocess.run() with shell=True and rely on a string-pattern blocklist. The policy does not block shell invocations like sh/bas...

CVE-2026-34955 PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes BASIC, STRICT, NETWORKISOLATED calls subprocess.run with shell=True and relies solely on string-pattern matching to block dangerous commands. The blocklist does not include sh or bash as standalone...

CVE-2026-25212

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system...

CVE-2026-34937

Summary of CVE-2026-34937 : A GitHub advisory for PraisonAI exposes a shell injection in run_python() via unescaped $() substitution. The function builds a shell command string by interpolating user-controlled code into python3 -c "" and passes it to subprocess.run with shell=True. The escaping o...