176 matches found
EUVD-2026-41213
Craft CMS: Potential authenticated Remote Code Execution via referrer redirect...
CVE-2026-55794 Craft CMS: Potential authenticated Remote Code Execution via referrer redirect
Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...
CVE-2026-55794
Craft CMS
CVE-2026-55794 Craft CMS: Potential authenticated Remote Code Execution via referrer redirect
Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...
Flowise CSV Agent Prompt Injection RCE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper...
PT-2026-54862
Name of the Vulnerable Software and Affected Versions Craft CMS versions 5.9.0 through 5.9.x Description Control panel users with entry editing permissions can execute unsandboxed Twig code, which may lead to authenticated Remote Code Execution RCE. The issue occurs during the entry saving proces...
CVE-2026-58138 Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators
Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...
CVE-2026-55607 Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution
Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and navigation to worktrees outside the sandbox context, enabling git directory confusion attacks. By exploiting symlink manipulation and git fsmonitor...
CVE-2025-71336 Flowise - Unsandboxed Remote Code Execution via Custom MCP
Flowise before 3.0.6 affected versions 2.2.7-patch.1 and earlier contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...
CVE-2025-71336 Flowise - Unsandboxed Remote Code Execution via Custom MCP
Flowise before 3.0.6 affected versions 2.2.7-patch.1 and earlier contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...
CVE-2026-48721
Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...
CVE-2026-48721 Warp: Env-var prefixes can lead to denylisted command autoexecution
Warp is an agentic development environment. From 0.2025.10.08.08.12.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is non-interactive and relies on a command denylist as a safety...
PT-2026-52028
Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.10.08.08.12.stable 00 through 0.2026.05.06.15.42.stable 00 Description A command execution permission-check bypass exists in the default unsandboxed CLI agent profile. This profile is non-interactive and utilizes a command...
CVE-2026-47103 Python StateMachine 3.0.0 < 3.2.0 RCE via SCXML eval() Injection
Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...
CVE-2026-44209
A flaw was found in banks. This vulnerability, known as Server-Side Template Injection SSTI, allows a remote attacker to achieve Remote Code Execution RCE on the host system. This occurs when applications using banks pass user-supplied strings directly as template arguments to the Prompt function...
CVE-2026-4372
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`
Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...
CVE-2026-44209
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...
CVE-2026-44209
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...
CVE-2026-44209
Banks prompt templating (banks) is vulnerable prior to version 2.4.2 due to an unsandboxed jinja2.Environment() when rendering prompt templates. If applications pass user-supplied strings as the template argument to Prompt(), this SSTI can lead to Remote Code Execution on the host. The issue is f...