PT-2026-45092

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be...

CVE-2026-4957 OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

CVE-2026-4957 OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

XAgent 日志信息泄露漏洞

XAgent is an open-source, experimental large language model-driven autonomous agent developed by OpenBMB. Version XAgent 1.0.0 contains a vulnerability related to log information leakage, which stems from incorrect handling of the parameter apikey in the file XAgent/functionhandler.py. This could...

PT-2026-28683

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle tool call of the file XAgent/function handler.py of the component API Key Handler. This manipulation of the argument api key causes sensitive information in log files. The attack may be...

CVE-2025-68387

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...

CVE-2025-68387

CVE-2025-68387 corresponds to Kibana, where an unauthenticated user can exploit an XSS flaw caused by improper input neutralization during web page generation in a function handler of the Vega AST evaluator . Several feeds (NVD, Red Hat, OSV, BIT-KIBANA, SNYK) describe the issue consistently and ...

CVE-2023-29805

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the prostorcanceltranshandlerpart19 function...

Design/Logic Flaw

G DATA InternetSecurity 2007 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the 1 NtCreateKey and 2 NtOpenProcess kernel SSDT hooks...