12 matches found
CVE-2026-44641
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...
CVE-2026-44641
CVE-2026-44641 affects Microsoft APM. Before version 0.8.12, the plugin-loading flow copies components listed in plugin.json into the .apm/ directory and does not validate that manifest paths (agents, skills, commands, hooks) stay inside the plugin root. An attacker can supply absolute or ../ tra...
CVE-2024-44641
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php...
EUVD-2025-44641
Malicious code in vina-keripik65-sukiwir npm...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
Debian dla-3276 : lava - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3276 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3276-1 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DSA-5318-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5318-1 : lava - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5318 advisory. Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, was suspectible ...
[SECURITY] [DSA 5318-1] lava security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5318-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 13, 2023 https://www.debian.org/security/faq -...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
CVE-2022-44641
Summary: CVE-2022-44641 concerns LAVA (Linaro Automated Validation Architecture) where a user with valid credentials can submit crafted XMLRPC requests that trigger recursive XML entity expansion, causing memory exhaustion on the server and resulting in a Denial of Service. Impact and scope: The ...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...