215 matches found
Exploit for OS Command Injection in Lfprojects Mlflow
Below is a structured, markdown-formatted vulnerability research...
Exploit for Code Injection in Agentfront Enclave
CVE-2026-27597 - version Remote Code Execution Quick Usage...
CVE-2025-15064
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user description field in all versions up to, and including, 2.11.1 due to insufficient input sanitization a...
WordPress plugin Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
[SECURITY] Fedora 44 Update: udisks2-2.11.1-1.fc44
The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies...
OPENSUSE-SU-2026:10332-1 python311-PyPDF2-2.11.1-7.1 on GA media
These are all security issues fixed in the python311-PyPDF2-2.11.1-7.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10321-1 python311-PyPDF2-2.11.1-6.1 on GA media
These are all security issues fixed in the python311-PyPDF2-2.11.1-6.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-30851
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...
OPENSUSE-SU-2026:10284-1 python311-PyPDF2-2.11.1-5.1 on GA media
These are all security issues fixed in the python311-PyPDF2-2.11.1-5.1 package on the GA media of openSUSE Tumbleweed...
[SECURITY] Fedora 43 Update: udisks2-2.11.1-1.fc43
The Udisks project provides a daemon, tools and libraries to access and manipulate disks, storage devices and technologies...
BIT-AIRFLOW-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...
CVE-2026-27597
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundaries set by @enclave-vm/core, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1...
SUSE CVE-2026-27590
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...
Linux Distros Unpatched Vulnerability : CVE-2026-27586
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS clie...
EUVD-2026-8617
@enclave-vm/core is vulnerable to Sandbox Escape...
CVE-2025-27555
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...
CVE-2026-27597
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundaries set by @enclave-vm/core, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1...
CVE-2026-27597 @enclave-vm/core is vulnerable to Sandbox Escape
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2.11.1, it is possible to escape the security boundaries set by @enclave-vm/core, which can be used to achieve remote code execution (RCE). The issue has been fixed in version 2.11.1...