90 matches found

Vulnrichment
added 2026/04/20 8:30 a.m., 0 views

CVE-2026-6621 1024bit extend-deep index.js prototype pollution

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

CVSS 7.5, AI score 5.4, EPSS 0.00064
Exploits: 0, References: 4

Cvelist
added 2026/04/20 8:30 a.m., 27 views

CVE-2026-6621 1024bit extend-deep index.js prototype pollution

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

CVSS 7.5, EPSS 0.00064
Exploits: 0, References: 4

RedhatCVE
added 2026/03/28 11:09 p.m., 2 views

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVSS 9.3, AI score 6.1, EPSS 0.00243
Exploits: 1, References: 1

NVD
added 2026/03/27 8:16 p.m., 1 views

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVSS 9.8, EPSS 0.00243
Exploits: 1, References: 1

CVE
added 2026/03/27 7:43 p.m., 8 views

CVE-2026-33654

Summary of CVE-2026-33654: nanobot (personal AI assistant) contains an indirect prompt injection vulnerability in the email channel processing module (nanobot/channels/email.py) prior to version 0.1.6. An unauthenticated remote attacker can send a malicious email to the bot’s monitored address, ...

CVSS 9.8, AI score 6.1, EPSS 0.00243
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2026/03/27 7:43 p.m., 23 views

CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVSS 9.3, EPSS 0.00243
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/27 7:43 p.m., 2 views

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVSS 9.3, AI score 6.1, EPSS 0.00243
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2026/03/27 7:43 p.m., 0 views

CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVSS 9.3, AI score 6.1, EPSS 0.00243
Exploits: 1, References: 3

EUVD
added 2026/03/27 7:43 p.m., 1 views

EUVD-2026-16777

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVSS 9.3, AI score 6.1, EPSS 0.00243
Exploits: 1, References: 1

Positive Technologies
added 2026/03/27 12:00 a.m., 2 views

PT-2026-28507

Name of the Vulnerable Software and Affected Versions: nanobot versions prior to 0.1.6. Description: An indirect prompt injection exists in the email channel processing module nanobot/channels/email.py. This allows a remote, unauthenticated attacker to execute arbitrary Large Language Model (LLM)...

CVSS 9.8, AI score 6.6, EPSS 0.00243
Exploits: 1, References: 11

Vulnrichment
added 2026/03/20 8:00 p.m., 1 views

CVE-2026-33140 PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing...

CVSS 5.3, AI score 5.9, EPSS 0.00017
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/20 8:00 p.m., 3 views

CVE-2026-33140

PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing...

CVSS 5.3, AI score 5.9, EPSS 0.00017
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2026/03/20 7:59 p.m., 2 views

CVE-2026-33139 PySpector: Plugin Sandbox Bypass leads to Arbitrary Code Execution

PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in the plugin system. The validateplugincode function in pluginsystem.py performs static AST analysis...

CVSS 8.3, AI score 5.9, EPSS 0.00039
Exploits: 1, References: 1

vulnersOsv
added 2026/03/20 12:00 p.m., 0 views

graph-generator-lib (>=0.1.0 <=0.1.10), libunftp (>=0.6.0 <=0.6.1) +7 more potentially affected by unknown CVE via tokio-compat (=0.1.6)

tokio-compat CARGO version =0.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on tokio-compat and may be impacted: - graph-generator-lib =0.1.0, =0.6.0, =0.1.0, =0.1.3 - parity-runtime =0.1.2 - price-info =1.12.0 - rudolfs =0.2.11 - sccache =0.2.15 -...

AI score 5.8
Exploits: 0

CNNVD
added 2026/03/20 12:00 a.m., 3 views

PySpector cross-site scripting vulnerability

PySpector is a high-performance Python static security analysis framework developed by Tommaso Bona. Versions of PySpector 0.1.6 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting mechanism in the HTML report generator,...

CVSS 6.1, AI score 5.6, EPSS 0.00017
Exploits: 1, References: 1

Github Security Blog
added 2026/03/18 4:33 p.m., 3 views

Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

Summary: PySpector versions <= 0.1.6 are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads (i.e. inside a string passed to eval), the flagged code snippet is interpolated into the HTML report...

CVSS 6.1, AI score 6, EPSS 0.00017
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2026/03/18 4:33 p.m., 1 views

GHSA-2GMV-2R3V-JXJ2 Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

Summary: PySpector versions <= 0.1.6 are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads (i.e. inside a string passed to eval), the flagged code snippet is interpolated into the HTML report...

CVSS 5.3, AI score 6, EPSS 0.00017
Exploits: 1, References: 3

Positive Technologies
added 2026/03/18 12:00 a.m., 2 views

PT-2026-26196

Name of the Vulnerable Software and Affected Versions: PySpector versions 0.1.6 and prior. Description: PySpector, a static analysis security testing framework for Python development, is affected by a security validation bypass in its plugin system. The validate plugin code function in plugin...

CVSS 8.3, AI score 6.4, EPSS 0.00039
Exploits: 1, References: 6

EUVD
added 2026/02/26 6:31 p.m., 3 views

EUVD-2026-8862

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...

CVSS 7.8, AI score 6, EPSS 0.00028
Exploits: 1, References: 3

NVD
added 2026/02/26 6:23 p.m., 3 views

CVE-2026-26682

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...

CVSS 7.8, EPSS 0.00028
Exploits: 1, References: 2