Python Notebook MCP 路径遍历漏洞

Python Notebook MCP is an interactive tool developed by Usama Khatab, allowing AI assistants to operate Jupyter notebooks. Python Notebook MCP has a path traversal vulnerability, which stems from issues with the functions createnotebook/readnotebook/editcell/addcell in the file server.py,...

Arbitrary Argument Injection

Overview archivebox is a The self-hosted internet archive. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the AddView class. An attacker can execute arbitrary code on the server by submitting specially crafted configuration overrides to the /add/ endpoint,...

ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

GHSA-3H23-7824-PJ8R ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

CVE-2026-7410

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=addtocart. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to...

CVE-2026-4658

The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the className, classHook, and blockId attributes in the Add to Cart block essential-blocks/add-to-cart in all versions up to, and including, 6.0.4. This...

CVE-2026-41923

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

EUVD-2026-27120

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

CVE-2026-41923

CVE-2026-41923 affects the WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02). The vulnerability is an OS command injection in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter....

EUVD-2025-209616

Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy without runtime length validation...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Error processing should be added before returning from the function, and the return value has been modified...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Do not pick up BE without a substream When DPCM attempts to establish valid BE connections using dpcmaddpaths, it does not check whether the selected BE actually supports the given stream direction. As a result, when ...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mtd: Fixed a device name leak when registering a device in addmtddevice. There is a kmemleak when registering a device fails: Unreferenced object 0xffff888101aab550 size 8: Command "insmod", PID 3922, jiffies 4295277753 age...

Astra Linux – Vulnerability in Linux 5.10

A use-after-free flaw was discovered in the addpartition function in the block/partitions/core.c file within the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue arises due to the lack of code cleanup when the deviceadd function fails...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mmc: mxcmmc: Fix the return value check in mmcaddhost. mmcaddhost may return an error. If we ignore its return value, the memory allocated by mmcallochost will be leaked, leading to a kernel crash due to the removal of devices...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a situation where a double free of the qgroup record occurred after attempting to add a delayed ref head failed. In the previous code, it was possible for a double kfree scenario to occur when calling...

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed integer overflow to lead to a buffer overflow in the receiveaddrecipient function, through an email message with fifty million recipients. NOTE: Remote exploitation might be difficult due to resource consumption...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mmc: via-sdmmc: fixed the return value check in mmcaddhost The mmcaddhost function may return an error. If we ignore its return value, it will cause two issues: 1. The memory allocated in the mmcallochost function may be leake...