SUSE-SU-2026:21106-1 Security update for cockpit

This update for cockpit fixes the following issues: Changes in cockpit: - CVE-2026-4631: Avoid ssh command injection that could be used to cause remote code execution bsc1261829...

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 - FlowiseAI CustomMCP Remote Code Execution...

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

curl: Argument Injection via curl Short-Flag Grouping

This report details how the curl -os command facilitates an Argument Injection vulnerability in applications that wrap the curl command-line tool. The specific command curl -os /etc/passwd --url http://example.com demonstrates a subtle but dangerous behavior. Because -s silent follows -o output,...

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

PT-2026-32490

Name of the Vulnerable Software and Affected Versions KubePlus version 4.14 Description The '/registercrd' endpoint in the kubeconfiggenerator component is susceptible to command injection. The issue occurs because the component utilizes the subprocess.Popen function with the shell=True parameter...

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

PT-2026-32535

Name of the Vulnerable Software and Affected Versions UniFi Play PowerAmp versions prior to 1.0.38 UniFi Play Audio Port versions prior to 1.1.9 Description Improper Access Control in the UniFi Play network allows a malicious actor with network access to enable SSH, which can lead to unauthorized...

Exploit for Path Traversal in Gogs

CVE-2025-8110-Authenticated-Remote-Code-Execution-on-Gogs-v0.1...

Exploit for Path Traversal in Gogs

Gogs RCE Exploit CVE-2025-8110 !Pythonhttps://img.shield...

RHSA-2026:7383 Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Bulletin has no description...

RHSA-2026:7382 Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Bulletin has no description...

RHSA-2026:7381 Red Hat Security Advisory: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Bulletin has no description...

SUSE CVE-2026-4631

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

Command Injection

PraisonAIAgents is vulnerable to Command Injection. The vulnerability is due to passing user-controlled command strings directly to subprocess.run with shell=True without sanitization, which allows an attacker to execute arbitrary system commands through crafted inputs or malicious hook...

Missing Authentication For Critical Function

marimo is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to missing authentication validation in the /terminal/ws WebSocket endpoint, which allows an attacker to establish a shell and execute arbitrary system commands without authentication...

phpseclib has a variable-time HMAC comparison in SSH2::get_binary_packet() using != instead of hash_equals()

phpseclib SSH2: Variable-time comparison in HMAC verification Summary phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp, which short-circuits on the first differi...

GHSA-VC46-VW85-3WVM PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

GHSA-FFP3-3562-8CV3 PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Summary The approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely...