2305 matches found
CVE-2026-45539
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink...
CVE-2026-45539
Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink...
EUVD-2026-29359
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...
CVE-2026-40131
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...
CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...
CVE-2026-40131
The CVE-2026-40131 entry concerns the SAP HDI deploy library (@sap/hdi-deploy). Affected component: SQL queries are dynamically constructed from user input without proper parameterization/prepared statements (root cause: lack of parameterization). Impact: confidentiality and availability of the a...
CVE-2026-40131 SQL Injection vulnerability in SAP HANA Deployment Infrastructure (HDI) deploy library
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...
CVE-2026-40131
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...
SAP HANA Deployment Infrastructure deploy library SQL注入漏洞
SAP HANA Deployment Infrastructure deploy library is a deployment support library developed by SAP, a German company, for the deployment and lifecycle management of SAP HANA applications. The SAP HANA Deployment Infrastructure deploy library contains a SQL injection vulnerability. This...
PT-2026-39924
SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploitation could allow the high privileged users to alter the SELECT statements impacting...
PT-2026-39575
A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod ipp primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be...
CVE-2026-6912 Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel
Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...
Malicious code in npm-doc-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a8ae6448e13630c5243e98e1794e9b2f57b0e999d4c31687f0db0f1665496f9 The package npm-doc-deploy was found to contain malicious code. Source: ghsa-malware f7938c30cf6da645723648c4c43979c97d7c006933fb24ccab60154f1cc5d084...
cyber-punk
Cyber Punk Security Vulnerability Scanner A Claude Code plu...
PraisonAI 参数注入漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a parameter injection vulnerability. This vulnerability stemmed from the deploy.py script, which did not validate the values containing commas when constructin...
antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2026-24175 via nvidia-pytriton (=0.7.0)
nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2026-24175 Source advisory:...
antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2026-24173 via nvidia-pytriton (=0.7.0)
nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2026-24173 Source advisory:...
antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2026-24146 via nvidia-pytriton (=0.7.0)
nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2026-24146 Source advisory:...
CVE-2026-5602
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component newheimapplication/deployheimapplication/deployheimapplicationtocloud. This manipulation causes os command injection. The attack requires local access...
CVE-2026-5602 Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component newheimapplication/deployheimapplication/deployheimapplicationtocloud. This manipulation causes os command injection. The attack requires local access...