PT-2026-51583
rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...
PT-2026-51510
picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, _osx_support, _aix_support, _pyrepl.pager, and imaplib, exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...
PT-2026-51507
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...
ROS-20260623-73-0011
The vulnerability in Python3 is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
ROS-20260623-73-0017
The vulnerability in Python3 is related to insufficient validation of data authenticity. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260623-73-0019
Vulnerability in Python 3.10 related to insufficient verification of data authenticity. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code...
ROS-20260623-73-0012
Vulnerability in Python 3.9 related to the lack of measures taken to clean data at the control level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...
ROS-20260623-73-0015
Vulnerability in Python 3.12 related to the lack of measures taken to clean data at the control level. Exploitation of this vulnerability allows a remote attacker to execute arbitrary commands...
ROS-20260623-73-0002
The vulnerability of the ASF plugin for the Gstreamer multimedia framework is related to insufficient data validation. Exploiting this vulnerability allows an attacker to execute arbitrary code...
GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability
Summary: A memory corruption vulnerability exists in the GV-Cloud functionality of GV-VMS V20 versions: 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability. Confirmed Vulnerable Versions: The...
PT-2026-51572
In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...
Security Advisory 0142
Date: June 23, 2026. Revision 1.0 (June 23, 2026): Initial release. The CVE-ID tracking this issue: CVE-2026-12546. CVSSv3.1 Base Score: 6.0 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L). CVSSv4.0 Base Score: 5.1...
CVE-2026-52673
SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component...
PT-2026-51528
SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component...
PT-2026-51493
picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via pickle.load...
PT-2026-51491
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the __reduce__ method to achieve remote code execution whe...
PT-2026-51531
NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create agent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke create agent to create arbitrary agent groups, container...
PT-2026-51494
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in __reduce__ methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims...
ROS-20260623-73-0028
Vulnerability in Python 3.13 related to the failure to address CRLF sequences. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20260623-73-0026
Vulnerability in Python 3.11 related to the failure to address CRLF sequences. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...