6 matches found
GHSA-9QHQ-V63V-FV3J PraisonAI has an incomplete fix for CVE-2026-34935 - OS Command Injection
Summary The fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through to subprocess execution. Affected Package - Ecosystem: PyP...
Lack of sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments: - AnonVec::getref - AnonVec::getmut - AnonVec::removeget The crate was built as a learning project and is not being maintained...
PT-2024-14256 · Unknown · Trusted Firmware-M
Name of the Vulnerable Software and Affected Versions: Trusted Firmware-M versions through 2.0.0 Description: An issue was discovered in the logging subsystem of Trusted Firmware-M, where the lack of argument verification allows attackers to read sensitive data via the login function...
PT-2023-2617 · Myscada · Myscada Mypro
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions 8.26.0 and prior Description: The issue is related to insufficient checking of arguments passed to a command, allowing an authenticated user to inject arbitrary operating system commands. This could enable a remote...
PT-2023-2616 · Myscada · Myscada Mypro
Name of the Vulnerable Software and Affected Versions: mySCADA myPRO versions 8.26.0 and prior Description: The issue is related to insufficient checking of arguments passed to a command, allowing a remote attacker to execute arbitrary code in the operating system. An authenticated user could...
USN-4001-2 libseccomp vulnerability
USN-4001-1 fixed a vulnerability in libseccomp. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators LT, GT, LE, GE. An attacker...