2 matches found
CVE-2026-40111
PraisonAIAgents memory/hooks.py allows OS command injection via a user-controlled string passed to subprocess.run() with shell=True before 1.5.128. No sanitization occurs, shell metacharacters are interpreted by /bin/sh, enabling execution of arbitrary commands. Two attack surfaces exist: pre_run...
UBUNTU-CVE-2019-20388
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak...