CVE-2026-53925 Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

KLA10572 Multiple vulnerabilities in Lenovo System Update

Multiple serious vulnerabilities have been found in Lenovo System Update. Malicious users can exploit these vulnerabilities to bypass security restrictions or gain privileges. Below is a complete list of vulnerabilities 1. Lack of command piping restrictions can be exploited locally via named pip...

Various FTP clients fail to account for pipe (|) characters in default file names

Overview Various FTP client implementations do not correctly handle files whose name begins with the "|" pipe character. Description Most FTP clients include a feature in which the remote filename is used as the local filename in a GET RETR operation. For example, many FTP clients support syntax...