7612 matches found

NVD
added 2026/04/01 9:16 p.m. | 2 views

CVE-2026-1345

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

CVSS 7.3 | EPSS 0.00062
Exploits: 0 | References: 1

CVE
added 2026/04/01 8:39 p.m. | 9 views

CVE-2026-1345

CVE-2026-1345 is a concrete IBM vulnerability affecting IBM Verify Identity Access Container (11.0–11.0.2) and IBM Security Verify Access Container (10.0–10.0.9.1). The issue allows an unauthenticated attacker to execute arbitrary commands as a lower-privilege user due to improper validation of u...

CVSS 7.3 | AI score 6.1 | EPSS 0.00062
Exploits: 0 | References: 1 | Affected Software: 4

Vulnrichment
added 2026/04/01 4:29 p.m. | 1 view

CVE-2026-20160 Cisco Smart Software Manager On-Prem Arbitrary Command Execution Vulnerability

A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SSM On-Prem host. This vulnerability is due to the unintentional exposure of an internal service. An...

CVSS 9.8 | AI score 6.2 | EPSS 0.0026
Exploits: 0 | References: 1

Cvelist
added 2026/04/01 4:29 p.m. | 21 views

CVE-2026-20096 Cisco Integrated Management Controller Command Injection Vulnerability

A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is due to improper validation...

CVSS 6.5 | EPSS 0.00079
Exploits: 0 | References: 1

EUVD
added 2026/04/01 3:31 p.m. | 2 views

EUVD-2026-17903

ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers...

CVSS 8.8 | AI score 6.3 | EPSS 0.00128
Exploits: 0 | References: 4

NVD
added 2026/04/01 2:16 p.m. | 2 views

CVE-2026-34430

ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers...

CVSS 9.6 | EPSS 0.00128
Exploits: 0 | References: 3

Positive Technologies
added 2026/04/01 12:00 a.m. | 3 views

PT-2026-29827

CHAMP: Description Summary The ollamaStartupProbeScript function in internal/modelcontroller/engine ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components ref, modelParam. This shell command is executed via bash -c as a Kubernetes startup probe. An...

CVSS 8.7 | AI score 6.1 | EPSS 0.00016
Exploits: 3 | References: 4

Tenable Nessus
added 2026/04/01 12:00 a.m. | 2 views

Debian dsa-6188 : golang-github-canonical-lxd-dev - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6188 advisory. Debian Security Advisory DSA-6188-1 [email protected]...

CVSS 9.9 | AI score 6.3 | EPSS 0.00253
Exploits: 1 | References: 9

Positive Technologies
added 2026/04/01 12:00 a.m. | 2 views

PT-2026-29600

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lowe...

CVSS 7.3 | AI score 6.1 | EPSS 0.00062
Exploits: 0 | References: 3

NVD
added 2026/03/31 2:16 p.m. | 1 view

CVE-2026-30310

In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVSS 9.8 | EPSS 0.00097
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/31 4:59 a.m. | 2 views

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVSS 9.8 | AI score 6 | EPSS 0.00033
Exploits: 0 | References: 1

CNNVD
added 2026/03/31 12:00 a.m. | 5 views

Tokfinity InfCode Terminal Security Vulnerability

Tokfinity InfCode Terminal is a terminal tool application developed by Tokfinity, which offers command-line operations and remote connection management capabilities. There is a security vulnerability in Tokfinity InfCode Terminal, caused by defects in the command filtering mechanism, which may le...

CVSS 7.8 | AI score 6.1 | EPSS 0.00044
Exploits: 0 | References: 2

CNVD
added 2026/03/31 12:00 a.m. | 2 views

Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15837)

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. A security vulnerability exists in HCL Aftermarket DPC, which can be exploited by an attacker to execute arbitrary commands or inject harmful content based on the way the web application handles split...

CVSS 8.8 | AI score 6.1 | EPSS 0.00025
Exploits: 0

CNNVD
added 2026/03/31 12:00 a.m. | 3 views

Sixth Security Vulnerability

Sixth is an artificial intelligence code assistant developed by the Nigerian company Sixth. There is a security vulnerability in Sixth, which stems from its design, making it susceptible to prompt injection attacks, potentially leading to arbitrary command execution...

CVSS 9.8 | AI score 6 | EPSS 0.00097
Exploits: 0 | References: 2

Cvelist
added 2026/03/31 12:00 a.m. | 21 views

CVE-2026-30310

In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

EPSS 0.00097
Exploits: 0 | References: 2

CVE
added 2026/03/31 12:00 a.m. | 5 views

CVE-2026-30310

The CVE concerns the Sixth terminal command execution design, where two options exist: execute safe commands automatically or require user approval for potentially dangerous ones. The flaw is susceptible to prompt-injection: an attacker can wrap a malicious command in a generic template and misle...

CVSS 9.8 | AI score 6 | EPSS 0.00097
Exploits: 0 | References: 2

CNNVD
added 2026/03/31 12:00 a.m. | 3 views

TRENDnet TEW-713RE Command Injection Vulnerability

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

CVSS 9.8 | AI score 6.7 | EPSS 0.00412
Exploits: 1 | References: 4

NVD
added 2026/03/30 9:17 p.m. | 2 views

CVE-2026-30308

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

CVSS 9.8 | EPSS 0.00097
Exploits: 0 | References: 2

NVD
added 2026/03/30 9:17 p.m. | 2 views

CVE-2026-30306

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

CVSS 9.8 | EPSS 0.00033
Exploits: 0 | References: 2

GitHub Security Blog
added 2026/03/30 9:31 a.m. | 8 views

MLflow Command Injection vulnerability

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the `_install_model_dependencies_to_env` function. When deploying a model with `env_manager=LOCAL`, MLflow reads dependency specifications from the model artifact's `python_env.yaml` file and...

CVSS 10 | AI score 7.5 | EPSS 0.00281
Exploits: 1 | References: 5 | Affected Software: 1