`Program<System>` accepts arbitrary executable programs

Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...

RUSTSEC-2026-0144 `Program<System>` accepts arbitrary executable programs

Affected versions of anchor-lang did not properly validate accounts declared as Program. The generic Program validation path used Pubkey::default as a sentinel to decide whether any executable program should be accepted. Since the system program id is also the default pubkey, Program was treated...

CVE-2025-59094

A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application d9sysdef.exe. Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM...

SQL injection vulnerability in the background of WoSmart's small program system

WoSmart list store mall small program a key to create and publish small programs, data can be controlled, support for OEM settings. WoSmith small program system background there are SQL injection vulnerabilities, attackers can use the vulnerability to obtain sensitive information in the database...