CVE-2026-34937

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...

CVE-2025-33122 IBM i privilege escalation

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2025-33108

IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to...

CVE-2024-55898 IBM i privilege escalation

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

IBM System Management for i Code Issue Vulnerability

IBM System Management for i is a management system from International Business Machines IBM. A code issue vulnerability exists in IBM System Management for i versions 7.2, 7.3, and 7.4, which can be exploited by an attacker to cause user-controlled code to run with administrator privileges...

CVE-2024-25050

CVE-2024-25050 affects IBM i versions 7.2–7.5 and IBM Rational Development Studio for i versions 7.2–7.5. The root cause is an unqualified library call in the networking and compiler infrastructure, allowing a local user to execute user-controlled code with elevated (administrator) privileges. Im...