Lucene search
K

295 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42902

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS6.2AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-61444 PraisonAI before 4.6.78 Code Injection via f-string

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57196

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.78 Description A code injection issue exists in the deploy/api.py file. The agents file parameter is directly interpolated into an f-string without proper sanitization. This interpolated string is used to genera...

9.4CVSS6.3AI score0.00392EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/29 6:16 p.m.6 views

CVE-2026-58000

luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the generateKey ubus method where the clmeta parameter is interpolated into a shell command without proper escaping or quoting. An authenticated LuCI user with OpenVPN protocol configuration...

8.8CVSS6AI score0.01401EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:3 p.m.7 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.1AI score0.00184EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 6:3 p.m.4 views

CVE-2026-53925 Glances: Arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS6.1AI score0.00184EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/23 5:59 p.m.10 views

Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration

Summary The securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process AMP...

7.8CVSS6.3AI score0.00866EPSS
Exploits3References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.12 views

CVE-2026-49188

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

9.8CVSS5.8AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 6:16 a.m.16 views

CVE-2026-49188

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

9.8CVSS0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 4:8 a.m.9 views

CVE-2026-49188 Elevated Root Command Execution via ai_cmd Sockets

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

8.7CVSS6.1AI score0.00317EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 4:8 a.m.11 views

CVE-2026-49188

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

8.7CVSS6.1AI score0.00317EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 4:8 a.m.11 views

EUVD-2026-34205

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

9.8CVSS6.1AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 4:8 a.m.42 views

CVE-2026-49188 Elevated Root Command Execution via ai_cmd Sockets

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

8.7CVSS0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 4:8 a.m.26 views

CVE-2026-49188

CVE-2026-49188 affects a component where the ai_cmd utility runs with root privileges and pipes socket inputs directly to popen(), enabling unauthenticated users to execute arbitrary root commands. The available sources explicitly state elevated root command execution via ai_cmd sockets, with CVS...

9.8CVSS6.1AI score0.00317EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the aicmd tool executing with full root access, and it involves direct passing of socket inputs to popen, which may allow...

9.8CVSS5.8AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46145

The ai cmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

8.7CVSS6.1AI score0.00317EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 9:16 p.m.17 views

CVE-2026-44713

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

8.8CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:13 p.m.20 views

CVE-2026-44713

Pam_usb vulnerability: in versions prior to 0.8.7, src/tmux.c reads the TMUX environment variable, splits on commas, and interpolates the socket-path directly into a shell command passed to popen(), placing the value inside double quotes without sanitisation. This allows an attacker-controlled va...

8.8CVSS5.9AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

pam_usb 安全漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contain security vulnerabilities. These vulnerabilities stem from the code in src/tmux.c, which reads the user’s $TMUX environment variable and insert...

8.8CVSS6AI score0.00158EPSS
Exploits0References2
Rows per page
Query Builder