3542 matches found
CVE-2026-32738
libheif (versions
libheif 缓冲区错误漏洞
LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from setting samplesperchunk=0 in the stsc box, causing an unsigned integer...
crypto-utils-box (=0.0.6), knk (=0.1.11) +1 more potentially affected by unknown CVE via xmorse (=1.0.0)
xmorse NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on xmorse and may be impacted: - crypto-utils-box =0.0.6 - knk =0.1.11 - vite-plugin-qwer =0.0.5, =0.0.7 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4159...
VibeHacking
👾 Welcome to Vibe Hacking By BlackPC, Vine & Foxxino Inc...
Exploit for CVE-2024-34070
Exploit for CVE-2024-34070 Credit to froxlor for the vuln dis...
Babel: Jailbreaking Safety Attention Via Obfuscation Distribution Optimized Sampling
Despite rigorous safety alignment, Large Language Models LLMs remain vulnerable to jailbreak attacks. Existing black-box methods often rely on heuristic templates or exhaustive trials, lacking mechanistic interpretability and query efficiency. In this study, we investigate an intrinsic...
Exploit for Missing Authentication for Critical Function in Flowiseai Flowise
Silentium — HackTheBox Writeup Platform: HackTheBox...
Exploit for CVE-2026-42945
CVE-2026-42945 NGINX Rift - HTB-Ready Exploit Standalone ex...
CVE-2026-7661
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
SUSE CVE-2026-43337
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401inithw dcn401inithw assumes that updatebwboundingbox is valid when entering the update path. However, the existing condition: !fams2enable && updatebwboundingbox || freqchang...
Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw
Agentic language-model systems increasingly rely on mutable execution contexts, including files, memory, tools, skills, and auxiliary artifacts, creating security risks beyond explicit user prompts. This paper presents DeepTrap, an automated framework for discovering contextual vulnerabilities in...
EUVD-2026-29421
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-7661
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-7661 Bootstrap Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'box' Shortcode
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-7661
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-7661 Bootstrap Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'box' Shortcode
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-7661
The WordPress Bootstrap Shortcode plugin (versions
WordPress plugin Bootstrap Shortcode 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
PT-2026-39976
The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Proteus: A Self-Evolving Red Team for Agent Skill Ecosystems
Agent skills extend LLM agents with reusable instructions, tool interfaces, and executable code, and users increasingly install third-party skills from marketplaces, repositories, and community channels. Because a skill exposes both executable behavior and context-setting documentation, its...