45 matches found
CVE-2026-41206
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...
CVE-2026-44482
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
7qb (=0.0.17), @4399ywkf/ui (=3.0.0-alpha.0) +576 more potentially affected by unknown CVE via @antv/algorithm (>=0.0.6 <=0.1.8-beta.6)
@antv/algorithm NPM version =0.0.6, =0.1.1, =0.1.2, =1.1.43, =5.0.48, =1.1.15, =1.0.5, =1.0.5, =1.0.5, =1.1.26, =0.2.11-dev-1, =0.1.0, =1.0.14, =2.6.7 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3850...
CVE-2026-44482
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
CVE-2026-44482
CVE-2026-44482 affects the SoundCloud Client app (soundcloud-rpc) built on Electron. Before 0.1.8, a track title could contain an HTML payload that, via the preload API window.soundcloudAPI.sendTrackUpdate and IPC to the Electron main process, is rendered as raw HTML in privileged views with Node...
Incomplete List of Disallowed Inputs
Overview pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the PluginSecurity.validateplugincode validation logic. An attacker can achieve arbitrary co...
CVE-2026-41206
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...
CVE-2026-41206
Summary: CVE-2026-41206 affects PySpector, a Python SAST framework. The vulnerability lies in the plugin security validator’s static analysis in the function/class handling plugin loading via PluginSecurity.validate_plugin_code. Before version 0.1.8, the blocklist is incomplete and can be bypasse...
CVE-2026-41206
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...
CVE-2026-41206 PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...
EUVD-2026-25160
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...
PT-2026-34599
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. Prior to version 0.1.8, the blocklist implemented in...
PySpector 安全漏洞
PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector prior to 0.1.8 contained security vulnerabilities. These vulnerabilities stemmed from an incomplete blacklist of plugin security validators, which could allo...
CVE-2026-40576
excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated...
CVE-2026-40576 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server
excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated...
CVE-2026-40576
excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated...
CVE-2026-5559
A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...
PyBlade 安全漏洞
PyBlade is a lightweight and efficient Python template engine developed by Antares’ individual developers, supporting component-based development. Versions 0.1.8-alpha and 0.1.9-alpha of PyBlade contain security vulnerabilities, which stem from the improper handling of special elements within the...
Incomplete List of Disallowed Inputs
Overview fickling is an A static analyzer and interpreter for Python pickle data Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the islikelysafe, checksafety, --check-safety, alwayschecksafety and checksafety interfaces. An attacker can execute arbitra...