External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

External Control of File Name or Path

Overview @paperclipai/ui is a Prebuilt Paperclip board UI assets. Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can acce...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the adapterConfig.instructionsFilePath configuration field, which is processed by the server during agent execution. An attacker can access sensitive files on the host filesystem by supplying...

Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath

Summary Paperclip contains an arbitrary file read vulnerability that allows an attacker with an Agent API key to read files from the Paperclip server host filesystem. The vulnerability occurs because agents are allowed to modify their own adapterConfig through the /agents/:id API endpoint. The...

GHSA-3PW3-V88X-XJ24 Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath

Summary Paperclip contains an arbitrary file read vulnerability that allows an attacker with an Agent API key to read files from the Paperclip server host filesystem. The vulnerability occurs because agents are allowed to modify their own adapterConfig through the /agents/:id API endpoint. The...

Linux Chmod

Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/loongarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run frozenstringliteral: true This module...

EUVD-2026-23266

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/viewemployee.php...

CVE-2026-37341

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/managecategory.php...

PT-2026-33337

Name of the Vulnerable Software and Affected Versions SourceCodester Payroll Management and Information System version 1.0 Description SQL Injection exists in the file '/payroll/view employee.php'. Recommendations Update SourceCodester Payroll Management and Information System to a version newer...

PT-2026-33326

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Music Cloud Community System version 1.0 Description An issue exists in the file '/music/view music.php' that allows for SQL Injection, a technique where malicious SQL statements are inserted into entry fields for...

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the plugin/LiveLinks/proxy.php process. An attacker can access internal services or sensitive endpoints by exploiting a DN...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /Videos/itemId/Subtitles endpoint due to insufficient validation of the Format field, which allows path traversal via the file extension and enables arbitrary file write. An attacker can...

CVE-2026-37601

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. The CVE notes a database-query flaw exploitable via that PHP endpoint, but no specific impact, affected version ranges beyond v1.0, or concrete...

PT-2026-32634

CVE-2026-37593 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh attendance/admin/view att.php. https://t.co/c4uhTDec9s...

EUVD-2026-21854

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-6148 code-projects Vehicle Showroom Management System MonthTotalReportUpdateFunction.php sql injection

A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCHID results in sql injection. The attack is possibl...

CVE-2026-6143

The vulnerability CVE-2026-6143 affects farion1231 cc-switch up to version 3.12.3. It targets the file src-tauri/src/proxy/server.rs in the ProxyServer component, enabling a permissive cross-domain policy with untrusted domains. This is a remote-attack vector, with the exploit publicly released. ...

CVE-2026-36952

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/managecurriculum.php...

PT-2026-32489

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security issue in the CGI Handler component allows for remote OS command injection. The problem exists in the setPasswordCfg function within the '/cgi-bin/cstecgi.cgi' file. An...

TOTOLINK A7100RU 操作系统命令注入漏洞

The TOTOLINK A7100RU is a wireless router produced by TOTOLINK, a Chinese company. The Totolink A7100RU 7.4cu.2313b20191024 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “command” in the file...