CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

CVE-2026-41411

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

EUVD-2026-25575

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

SUSE CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

CVE-2026-29050

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...

GHSA-98F2-W9H9-7FP9 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

Impact An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed us...

CVE-2026-6885 BorG Technology Corporation｜Borg SPM 2007 - Arbitrary File Upload

Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

EUVD-2026-25119

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

EUVD-2026-24086

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

CVE-2026-40520

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

CVE-2026-40520

CVE-2026-40520 concerns the FreePBX API module (version 17.0.8 and earlier). The root cause is that the function initiateGqlAPIProcess() forwards GraphQL mutation input fields directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can issue a Gr...

FreePBX api 操作系统命令注入漏洞

FreePBX API is an open-source plugin developed by FreePBX. Versions of the FreePBX API module prior to 17.0.8 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the GraphQL mutation input fields in the initiateGqlAPIProcess function being pass...

PT-2026-33709

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute python code/execute shell command of the file src/AgentScope/tool/ coding/ python.py. This manipulation causes code injection. The attack is possible to be carried out...

CVE-2026-40527 radare2 Command Injection via DWARF Parameter Names

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DWTAGformalparameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

PT-2026-33505

Name of the Vulnerable Software and Affected Versions xrdp versions prior to 0.10.6 Description An authenticated remote user can execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled, the...

CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

CVE-2026-40288

PraisonAI and praisonaiagents prior to versions 4.5.139 and 1.5.140 are exposed to a critical RCE via untrusted workflow YAML. When a YAML file for type: job is loaded, the JobWorkflowExecutor (job_workflow.py) processes steps allowing run (subprocess.run), script (inline Python via exec), and py...

CVE-2026-40149

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured the default. By adding dangerous tool names e.g., shellexec, filewrite to the allowlist, a...

CVE-2026-40111 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...