CVE-2026-22038

CVE-2026-22038 affects AutoGPT prior to platform-beta-v0.6.46. The vulnerability arises when Stagehand blocks log API keys and authentication secrets in plaintext via logger.info() in StagehandObserveBlock, StagehandActBlock, and StagehandExtractBlock, where api_key.get_secret_value() is logged. ...

Bypassing AI Control Protocols Via Agent-As-A-Proxy Attacks

As AI agents automate critical workloads, they remain vulnerable to indirect prompt injection IPI attacks. Current defenses rely on monitoring protocols that jointly evaluate an agent's Chain-of-Thought CoT and tool-use actions to ensure alignment with user intent. We demonstrate that these...

BIT-PYTHON-MIN-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

BIT-PYTHON-2007-4559

Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

PT-2026-5854

PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...

CVE-2026-1767

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

CVE-2026-1766

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

GNOME localsearch 安全漏洞

GNOME localsearch is a file search engine developed under the GNOME open-source framework. GNOME localsearch has a security vulnerability, which stems from a buffer overflow issue during the processing of specially crafted MP3 files by the tracker-extract-mp3 module. This vulnerability could lead...

mtkclient

🚀 mtkclient - Easily Flash and Repair Mediatek Devices !Dow...

Directory Traversal

Overview apple/container is an A tool for creating and running Linux containers using lightweight virtual machines on a Mac. It is written in Swift, and optimized for Apple silicon. Affected versions of this package are vulnerable to Directory Traversal via the extractContents function. An attack...

Medium: libtiff

Issue Overview: LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b. CVE-2022-3598...

MiracleLinux 9 : tcpdump-4.99.0-9.el9 (AXSA:2024-8003:03)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8003:03 advisory. tcpslice: use-after-free in extractslice CVE-2021-41043 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...

MiracleLinux 7 : icoutils-0.31.3-1.el7 (AXSA:2017-1531:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-1531:01 advisory. The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the...

Directory Traversal

Overview guarddog is a GuardDog is a CLI tool to Identify malicious PyPI packages Affected versions of this package are vulnerable to Directory Traversal via the safeextract function. An attacker can overwrite arbitrary files and potentially execute code by crafting a malicious archive with path...

GHSA-XG9W-VG3G-6M68 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

Summary A path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. CWE: CWE-22 Improper...

CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

EUVD-2026-2012

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVE-2026-22871 GuardDog Path Traversal Vulnerability Leads to Arbitrary File Overwrite and RCE

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safeextract function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite...

CVE-2026-22871

GuardDog has a path traversal vulnerability in its safe_extract() implementation (guarddog/utils/archives.py) that allows a PyPI package to write files outside the extraction directory, enabling Arbitrary File Overwrite and Remote Code Execution. Affected before version 2.7.1; the issue stems fro...

CVE-2026-22870 GuardDog Zip Bomb Vulnerability in safe_extract() Allows DoS

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...