CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

PT-2026-26885

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. Affected is the function exec of the file /src/vanna/legacy. Such manipulation leads to injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...

CVE-2023-40582

find-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via an attacker controlled parameter. As a result, attackers may run malicious shell commands in the context of the running process. This...

@abtnode/blocklet-services (>=1.16.6 <=1.17.12-beta-20260422-093007-b389a838), @abtnode/cli (>=1.0.0 <=1.16.34-beta-20241113-102431-65542b84) +445 more potentially affected by unknown CVE via shell-exec (>=1.0.2 <=1.1.2)

shell-exec NPM version =1.0.2, =1.16.6, =1.0.0, =1.16.6, =1.0.0, =0.3.35, =1.5.0, =0.0.0-beta.0, =0.0.0, =2.49.0, =1.0.0, =2.0.0-0, =2.0.0-0, =1.0.16, =1.0.0, =1.2.1, =1.3.16 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-191424...

@abtnode/blocklet-services (>=1.16.6 <=1.17.12-beta-20260422-093007-b389a838), @abtnode/cli (>=1.0.0 <=1.16.34-beta-20241113-102431-65542b84) +445 more potentially affected by unknown CVE via shell-exec (>=1.0.2 <=1.1.2)

shell-exec NPM version =1.0.2, =1.16.6, =1.0.0, =1.16.6, =1.0.0, =0.3.35, =1.5.0, =0.0.0-beta.0, =0.0.0, =2.49.0, =1.0.0, =2.0.0-0, =2.0.0-0, =1.0.16, =1.0.0, =1.2.1, =1.3.16 and more Source cves: unknown CVE Source advisory: SNYK:JS-SHELLEXEC-14103722...

EUVD-2005-4772

Malware in sbrugna...

Remote Code Execution (RCE)

Overview mcpadapt is an Adapt MCP servers to many agentic framework. Affected versions of this package are vulnerable to Remote Code Execution RCE due to unsanitized input in the SmolAgentsAdapter where untrusted MCP server responses are interpolated into a dynamic Python class via an exec call...

org.apache.hive.hcatalog:hive-hcatalog-core (=4.0.0-alpha-1), org.apache.hive.hcatalog:hive-hcatalog-pig-adapter (=4.0.0-alpha-1) +18 more potentially affected by CVE-2022-41137 via org.apache.hive:hive-exec (=4.0.0-alpha-1)

org.apache.hive:hive-exec MAVEN version =4.0.0-alpha-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - org.apache.hive.hcatalog:hive-hcatalog-core =4.0.0-alpha-1 -...

CVE-2024-50010

CVE-2024-50010 affects the Linux kernel’s exec path checks. The issue is a race in the path_noexec (and i_mode) checks that led to spurious WARN_ON warnings when noexec is toggled, rather than a real permission failure. The fix removes the redundant path_noexec WARN and updates commentary; no exp...

CVE-2024-50010 exec: don't WARN for racy path_noexec check

In the Linux kernel, the following vulnerability has been resolved: exec: don't WARN for racy pathnoexec check Both imode and noexec checks wrapped in WARNON stem from an artifact of the previous implementation. They used to legitimately check for the condition, but that got moved up in two...

PYSEC-2024-192

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

...

@gov.au/pancake (>=0.0.6 <=0.0.10), agile-alarm (>=0.0.1 <=0.0.2) +32 more potentially affected by CVE-2023-40582 via find-exec (>=0.0.3 <=1.0.2)

find-exec NPM version =0.0.3, =0.0.6, =0.0.1, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =0.1.0, =0.1.0, =1.4.0, =1.4.9 and more Source cves: CVE-2023-40582 Source advisory: OSV:GHSA-95RP-6GQP-6622...

[SECURITY] [DSA 5260-1] lava security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5260-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 23, 2022 https://www.debian.org/security/faq -...

(Pwn2Own) ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the receiveddata method. Crafted data in a HTTP response can trigger a write past the e...

Information Disclosure

shelljs is vulnerable to information disclosure. The vulnerability exists in ShellJS exec function of exec.js because the file permissions have not been locked down which allows an attacker to gain access to sensitive information of file system of the running scripts and crash application...

Veritas Backup Exec 安全漏洞

Veritas Technologies Veritas Backup Exec is a powerful suite of data backup and recovery tools from Veritas Technologies. With a web-based management console and an intuitive graphical user interface with easy-to-use wizards, the software simplifies installation and improves manageability...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 45 in main entry of package in lib/process-promises.js. PoC var a =require"ts-process-promises"; a.exec"touch JHU",; Remediation There is no fixed version for ts-process-promises...

GHSA-426H-24VJ-QWXF Command Injection in npm-programmatic

All versions of npm-programmatic are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the install, uninstall and list functions . This may allow attackers to execute arbitrary code in the system if the package name passed to the...

io.druid.extensions.contrib:druid-orc-extensions (>=0.10.0 <=0.12.3), org.apache.tajo:tajo-hive (>=0.11.2 <=0.11.3) potentially affected by CVE-2016-3083 via org.apache.hive:hive-exec (=2.0.0)

org.apache.hive:hive-exec MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive-exec and may be impacted: - io.druid.extensions.contrib:druid-orc-extensions =0.10.0, =0.11.2, =0.11.3 Source cves: CVE-2016-3083 Source...