12 matches found

Cvelist
added 2026/05/08 3:17 a.m., 27 views

CVE-2026-41645 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

5.3 CVSS, 0.00041 EPSS
Exploits 0, References 6
Snyk
added 2026/05/04 5:28 p.m., 8 views

Arbitrary Code Injection

Overview: org.apache.atlas:atlas-repository is an Apache Atlas Repository Module. Affected versions of this package are vulnerable to Arbitrary Code Injection in the DSL search endpoint. An attacker can execute arbitrary code by placing malicious Gremlin traversal logic within grammar-allowed...

8.1 CVSS, 6.2 AI score, 0.00024 EPSS
Exploits 0, References 2
NVD
added 2026/05/04 4:16 p.m., 2 views

CVE-2026-40563

Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affect...

8.1 CVSS, 0.00024 EPSS
Exploits 0, References 2
OSV
added 2026/04/22 7:59 p.m., 3 views

GHSA-JM34-66CF-QPVR Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...

5.3 CVSS, 5.9 AI score, 0.00041 EPSS
Exploits 0, References 8
CNNVD
added 2026/04/20 12:0 a.m., 4 views

Nuclei Security Vulnerability

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have security vulnerabilities, which stem from DSL expression injection and may affect the use of multi-step templates...

7.5 CVSS, 5.8 AI score, 0.00066 EPSS
Exploits 0, References 2
Gitee
added 2025/09/20 12:0 a.m., 159 views

sinatra

This is the official repository for the Sinatra web framework. It is a DSL (Domain Specific Language) for web development, allowing developers to create web applications in a concise and elegant way. The repository contains the core code for Sinatra, as well as various plugins and extensions. The...

7.2 AI score
Exploits 0
Packet Storm News
added 2025/06/24 12:0 a.m., 5 views

Can One Safety Loop Guard Them All? Agentic Guard Rails for Federated Computing

We propose Guardian-FC, a novel two-layer framework for privacy-preserving federated computing that unifies safety enforcement across diverse privacy-preserving mechanisms, including cryptographic back-ends like fully homomorphic encryption (FHE) and multiparty computation (MPC), as well as statistic...

7.4 AI score
Exploits 0
Packet Storm News
added 2025/05/27 12:0 a.m., 3 views

Towards a DSL for Hybrid Secure Computation

Fully homomorphic encryption (FHE) and trusted execution environments (TEE) are two approaches to provide confidentiality during data processing. Each approach has its own strengths and weaknesses. In certain scenarios, computations can be carried out in a hybrid environment, using both FHE and TEE...

7.2 AI score
Exploits 0
Packet Storm News
added 2025/05/01 12:0 a.m., 2 views

Ai.Txt: a Domain-Specific Language for Guiding AI Interactions with the Internet

We introduce ai.txt, a novel domain-specific language (DSL) designed to explicitly regulate interactions between AI models, agents, and web content, addressing critical limitations of the widely adopted robots.txt standard. As AI increasingly engages with online materials for tasks such as training...

7.5 AI score
Exploits 0
Gitee
added 2020/11/16 3:14 p.m., 4 views

IMChecker

This repository is an offensive tool for API misuse detection, specifically designed to identify API misuse bugs in C programs. The tool is called IMChecker, and it uses a constraint-directed static analysis technique powered by a domain-specific language (DSL) for specifying API usage constraints...

6.8 AI score
Exploits 0
CNVD
added 2020/03/27 12:0 a.m., 2 views

Memory Corruption Vulnerability in DView 2.6.2 Configuration Software at Dalian Polytechnic Computer Control Engineering Co.

DView2.6.2 is a Windows-based data monitoring system software development platform for industrial automation, including DXP data interaction platform software and DHMI HMI configuration software, integrating device management, variable management, communication scheduling, HMI development, Web...

7 AI score
Exploits 0
n0where
added 2017/03/20 6:37 p.m., 18 views

Synchronize Your DNS to Multiple Providers: DNSControl

Synchronize Your DNS to Multiple Providers. DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language (DSL) for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, CloudFlare, and Gandi. It ca...

0.5 AI score
Exploits 0, References 2