CVE-2025-13687 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the user-defined function component...

CVE-2025-13688 DataStage on Cloud Pak for Data is vulnerable to arbitrary code injection due to runtime environment

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...

CVE-2025-13688

DataStage on Cloud Pak for Data is affected by CVE-2025-13688. The IBM bulletin documents that an authenticated user could execute arbitrary commands with normal user privileges due to improper validation of user-supplied input through the wrapped command component. Affected versions are DataStag...

CVE-2024-55026

An issue in the resetpj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request...

PT-2026-22818

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input through the wrapped command component...

CVE-2024-55026

An issue in the resetpj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request...

EUVD-2024-55465

An issue in the resetpj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request...

CVE-2026-2256

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution

Impact Vulnerability Type: Local Privilege Escalation LPE / Improper Privilege Management / Arbitrary Command Execution. The application automatically re-executes the previously failed command but does not properly drop elevated privileges during this process. When the tool is executed with sudo ...

USN-5376-6 git regression

USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could...

TP-Link Deco BE25 安全漏洞

The TP-Link Deco BE25 is a router produced by the TP-Link company. The TP-Link Deco BE25 v1.0, 1.1.1 Build 20250822, and earlier versions have security vulnerabilities. These vulnerabilities stem from improper handling of inputs in the management web interface, which may allow authenticated...

OpenClaw OS Command Injection Vulnerability (CNVD-2026-13372)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an operating system command injection vulnerability. The vulnerability stems from a keychain credential refresh shell command constructed on macOS failing to properly filter constructed command special...

Chamilo 操作系统命令注入漏洞

Chamilo is a learning management system open source by Chamilo. Chamilo import.php file exists operating system command injection vulnerability , the vulnerability stems from /plugin/vchamilo/views/import.php POST tomaindatabase parameter fails to correctly filter constructive commands special...

OpenClaw has an unspecified vulnerability (CNVD-2026-13375)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that the confirmation dialog box for openclaw://agent deep links only displays the first 240 characters of the message but executes the full message,...

[SECURITY] [DSA 6153-1] lxd security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6153-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 01, 2026 https://www.debian.org/security/faq -...

USN-5376-5 git regression

USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...

USN-5376-5: Git regression

USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...

CVE-2026-27498 n8n has Arbitrary Command Execution via File Write and Git Operations

n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...