GO-2026-4412 melange affected by potential host command execution via license-check YAML mode patch pipeline in chainguard.dev/melange

melange affected by potential host command execution via license-check YAML mode patch pipeline in chainguard.dev/melange...

Edimax EW-7438RPn-v3 Mini 操作系统命令注入漏洞

The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan, China. Version 1.27 of the Edimax EW-7438RPn-v3 Mini has a vulnerability related to operating system command injection. This vulnerability stems from remote command execution at the /goform/mp endpoint,...

Edimax EW-7438RPn-v3 Mini 跨站请求伪造漏洞

The Edimax EW-7438RPn-v3 Mini is a mini wireless signal extender produced by Edimax of Taiwan. Version 1.27 of the Edimax EW-7438RPn-v3 Mini contains a cross-site request forgeing vulnerability. This vulnerability stems from cross-site request forgery, and it may lead to command execution...

pgAdmin 安全漏洞

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Version 9.11 of pgAdmin has a security vulnerability, which stems from a possible bypass of recovery restrictions, potentially leading to command execution...

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution...

TeamViewer DEX Client Command Injection Vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

📄 OctoPrint 1.11.2 Remote Code Execution

OctoPrint versions 1.11.2 and below suffer from a remote code execution vulnerability via a malformed filename being used in an authenticated file upload. Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org...

PT-2026-6567

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters...

PT-2026-6649

Name of the Vulnerable Software and Affected Versions enclave-vm versions prior to 2.10.1 @enclave-vm/core versions prior to 2.10.1 Description The security measures within enclave-vm are inadequate. The Abstract Syntax Tree AST sanitization can be circumvented using dynamic property accesses. Th...

PT-2026-6603

Name of the Vulnerable Software and Affected Versions pgAdmin version 9.11 Description pgAdmin version 9.11 is susceptible to a restriction bypass issue during restore operations when running in server mode and processing PLAIN-format dump files. An attacker with access to the pgAdmin web interfa...

EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)

Impact EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a type field. When type is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. Thi...

CVE-2025-13375

IBM Common Cryptographic Architecture (CCA) versions affected: 7.5.52 and 8.4.82. The Red Hat/IBM bulletin and NVD entries indicate an unauthenticated user could execute arbitrary commands with elevated privileges on systems running these CCA releases. Affected platforms include IBM AIX, IBM i, I...

EUVD-2025-206777

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

CVE-2025-13375 IBM Common Cryptographic Architecture Arbitrary Command Execution

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVE-2026-24844

CVE-2026-24844 affects melange. Affected: melange pipeline building in versions 0.3.0–0.40.2 (before 0.40.3). Vulnerability: in pipelines that use ${{vars.}} or ${{inputs. }} substitutions in working-directory, an attacker who can provide build input values (but cannot modify pipeline definitions...

EUVD-2026-5372

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

CVE-2026-25053

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...

CVE-2026-25049

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...