24 matches found
GHSA-9QHQ-V63V-FV3J PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Summary: The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...
Lack of sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments: AnonVec::getref, AnonVec::getmut, AnonVec::removeget. The crate was built as a learning project and is not being maintained...
PT-2024-14256 · Unknown · Trusted Firmware-M
Name of the Vulnerable Software and Affected Versions: Trusted Firmware-M versions through 2.0.0. Description: An issue was discovered in the logging subsystem of Trusted Firmware-M, where the lack of argument verification allows attackers to read sensitive data via the login function...
The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial switches lies in the insufficient checking of arguments passed in commands, allowing attackers to execute arbitrary commands.
The vulnerability of Siemens SCALANCE and RUGGEDCOM industrial switches lies in insufficient verification of the arguments passed in the commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of software for managing data storage on Dell EMC PowerEdge MX Dell SmartFabric Storage systems is related to insufficient checking of arguments passed in commands, allowing an attacker to execute arbitrary commands.
The vulnerability is related to insufficient checking of arguments passed to the command. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the printer web page module (ARM) of Honeywell PM43 allows an intruder to execute arbitrary commands.
The vulnerability of the printer web page module (ARM) of Honeywell PM43 is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of the readVideoInfo method in LG Simple Editor, a software tool for creating and distributing content, allows a perpetrator to escalate their privileges and execute arbitrary code.
The vulnerability of the readVideoInfo method in the LG Simple Editor software for creating and distributing content is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary code...
The vulnerability of the UploadFirmwareFile function in the TOTOLINK X18 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the UploadFirmwareFile function in the TOTOLINK X18 router firmware is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the FileName parameter...
The vulnerability of the setTracerouteCfg function in the TOTOLINK X18 router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the setTracerouteCfg function in the TOTOLINK X18 router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
PT-2023-2616 · Myscada · Myscada Mypro
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions 8.26.0 and prior. Description: The issue is related to insufficient checking of arguments passed to a command, allowing a remote attacker to execute arbitrary code in the operating system. An authenticated user could...
PT-2023-2617 · Myscada · Myscada Mypro
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions 8.26.0 and prior. Description: The issue is related to insufficient checking of arguments passed to a command, allowing an authenticated user to inject arbitrary operating system commands. This could enable a remote...
The vulnerability of the byte_4C0160 function in the D-Link DSL-3782 router firmware allows a hacker to escalate their privileges and execute arbitrary commands.
The vulnerability of the byte_4C0160 function in the D-Link DSL-3782 router firmware is related to insufficient checking of arguments passed to certain CLI commands. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary commands...
The vulnerability of the File Server Cache service in the Teamcenter product lifecycle management system allows a hacker to execute arbitrary commands.
The vulnerability of the File Server Cache service in the Teamcenter product lifecycle management system is related to insufficient checking of arguments passed to commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the “Main” function in the TOTOLINK A3000RU router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the “Main” function in the TOTOLINK A3000RU router firmware is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands through the QUERYSTRING parameter...
The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin firmware of D-Link DIR-846 allow a hacker to execute arbitrary commands.
The vulnerability of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin firmware of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerabilities of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin firmware of D-Link DIR-846 allow a hacker to execute arbitrary commands.
The vulnerability of the DIR846A1_FW100A43.bin and DIR846enFW100A53DLA-Retail.bin firmware of D-Link DIR-846 routers is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a malicious actor to execute arbitrary commands using a...
The vulnerability of the command-line interface (CLI) of the Cisco Firepower Threat Defense (FTD) firmware allows an attacker to execute arbitrary commands.
The vulnerability of the command-line interface (CLI) of the Cisco Firepower Threat Defense (FTD) firmware lies in insufficient checking of command arguments. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the user interface of Cisco SD-WAN software-defined networking allows a hacker to execute arbitrary commands with the privileges of the vmanage user on the vulnerable system.
The vulnerability of the user interface of Cisco SD-WAN software-defined networking is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with the privileges of the vmanage user on the vulnerable system...
The vulnerability of the NGINX component of the SoftNAS Cloud storage solution allows a hacker to gain unauthorized access to the Webadmin interface.
The vulnerability of the NGINX component of the SoftNAS Cloud storage solution is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the Webadmin interface...
The vulnerability of the command-line interface (CLI) of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows an attacker to read and modify arbitrary files on a vulnerable device.
The vulnerability of the command-line interface (CLI) of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to insufficient checking of arguments passed to certain CLI commands. Exploiting this vulnerability allows an attacker to read and modify arbitrary files on the vulnerable device...