44929 matches found

NVD
added 2026/04/08 4:16 p.m., 3 views

CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

CVSS 9.8, EPSS 0.00557
Exploits: 0, References: 4

Snyk
added 2026/04/08 1:47 p.m., 6 views

Incorrect Default Permissions

Amendment: This was deemed not a vulnerability. Overview: ansible is a simple IT automation system. Affected versions of this package are vulnerable to Incorrect Default Permissions via excessive group-writable permissions on the /etc/passwd file during the build process. An attacker can gain full...

CVSS 7.1, AI score 6, EPSS 0.00147
Exploits: 0, References: 2

OSV
added 2026/04/08 11:40 a.m., 3 views

SUSE-SU-2026:1051-1 Security update for vim

This update for vim fixes the following issues: Update Vim to version 9.2.0110: - CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip bsc1246602. - CVE-2026-26269: Netbeans specialKeys stack buffer overflow bsc1258229. - CVE-2026-28417: Fixed that a crafted URL parsed by...

CVSS 7.8, AI score 7.2, EPSS 0.01162
Exploits: 1, References: 17

Snyk
added 2026/04/08 12:4 a.m., 7 views

Arbitrary Argument Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection through the Runner.exec process. An attacker can execute arbitrary OS commands on the server by uploading or renaming a file with a crafted filename containing shell metacharacters, which are unsafely...

CVSS 7.5, AI score 6, EPSS 0.01922
Exploits: 2, References: 3

Cvelist
added 2026/04/08 12:0 a.m., 17 views

CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

EPSS 0.00557
Exploits: 0, References: 4

VulnCheck KEV
added 2026/04/08 12:0 a.m., 8 views

VulnCheck KEV: CVE-2020-13851

Artica Pandora FMS 7.44 allows remote command execution via the events feature...

CVSS 9, AI score 6, EPSS 0.91095
In wild, Exploits: 4, References: 2

Positive Technologies
added 2026/04/08 12:0 a.m., 4 views

PT-2026-31408

Name of the Vulnerable Software and Affected Versions: TP-Link Archer AX53 v1.0 versions prior to 1.7.1 Build 20260213 Description: An OS command injection issue in the OpenVPN module allows an authenticated adjacent attacker to execute system commands. This occurs during the processing of a...

CVSS 8.5, AI score 7.4, EPSS 0.0116
Exploits: 0, References: 10

Positive Technologies
added 2026/04/08 12:0 a.m., 3 views

PT-2026-31717

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.121 Description: PraisonAI's workflow system and command execution tools are susceptible to command injection attacks because they pass user-controlled input directly to subprocess.run with shell=True. This...

CVSS 9.6, AI score 6.5, EPSS 0.00419
Exploits: 1, References: 10

ATTACKERKB
added 2026/04/08 12:0 a.m., 4 views

CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

AI score 5.9, EPSS 0.00557
Exploits: 0, References: 5

CVE
added 2026/04/08 12:0 a.m., 23 views

CVE-2026-31040

CVE-2026-31040 affects stata-mcp prior to v1.13.0, where insufficient validation of user-supplied Stata do-file content can lead to command execution. The vulnerability is documented across multiple sources (Red Hat, OSV, ENISA, CVE databases) with a fix in v1.13.0 and later. Affected component: ...

CVSS 9.8, AI score 5.9, EPSS 0.00557
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31323

Name of the Vulnerable Software and Affected Versions: stata-mcp versions prior to 1.13.0 Description: Insufficient validation of user-supplied Stata do-file content in stata-mcp can lead to command execution. Recommendations: Update stata-mcp to version 1.13.0 or later...

CVSS 9.8, AI score 5.8, EPSS 0.00557
Exploits: 0, References: 11

CNNVD
added 2026/04/08 12:0 a.m., 5 views

SepineTam Stata-MCP Security Vulnerability

SepineTam Stata-MCP is an extended statistical analysis tool from the SepineTam company. Versions of SepineTam Stata-MCP prior to v1.13.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient validation of the Stata do-file content provided by users, which could lead...

CVSS 9.8, AI score 5.8, EPSS 0.00557
Exploits: 0, References: 5

Tenable Nessus
added 2026/04/08 12:0 a.m., 5 views

Juniper Junos OS Vulnerability (JSA107872)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA107872 advisory. - A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific...

CVSS 8.8, AI score 6, EPSS 0.00138
Exploits: 0, References: 2

CNNVD
added 2026/04/08 12:0 a.m., 7 views

OpenTelemetry-Go Code Issue Vulnerability

OpenTelemetry-Go is an open-source developer toolkit developed by OpenTelemetry - CNCF. Versions of OpenTelemetry-Go from 1.15.0 to 1.42.0 have code vulnerabilities that stem from path hijacking, which may lead to command execution...

CVSS 7.3, AI score 7.4, EPSS 0.00196
Exploits: 1, References: 3

RedhatCVE
added 2026/04/07 11:1 p.m., 5 views

CVE-2026-5709

Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediat...

CVSS 8.8, AI score 6.2, EPSS 0.01087
Exploits: 1, References: 1

RedhatCVE
added 2026/04/07 11:1 p.m., 4 views

CVE-2026-35021

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

CVSS 8.4, AI score 6.2, EPSS 0.00041
Exploits: 0, References: 1

RedHat Linux
added 2026/04/07 10:55 p.m., 3 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

CVSS 7.3, AI score 6.2, EPSS 0.00734
Exploits: 0, References: 7

NVD
added 2026/04/07 4:16 p.m., 1 views

CVE-2026-35518

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS CNAME records configuration parameter (dns.cnameRecords). This vulnerability allows a...

CVSS 8.8, EPSS 0.00686
Exploits: 1, References: 1

EUVD
added 2026/04/07 3:20 p.m., 3 views

EUVD-2026-19715

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP hosts configuration parameter (dhcp.hosts). This vulnerability allows an authenticat...

CVSS 8.8, AI score 6.2, EPSS 0.00686
Exploits: 1, References: 1

Vulnrichment
added 2026/04/07 3:19 p.m., 4 views

CVE-2026-35520 Pi-hole FTL affected by Remote Code Execution (RCE) via dhcp.leaseTime Newline Injection

FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP lease time configuration parameter (dhcp.leaseTime). This vulnerability allows an...

CVSS 8.8, AI score 6.2, EPSS 0.00701
Exploits: 1, References: 1