SuperAGI 安全漏洞

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of...

CVE-2026-29643

XiangShan Open-source high-performance RISC-V processor commit edb1dfaf7d290ae99724594507dc46c2c2125384 2024-11-28 contains an improper exceptional-condition handling flaw in its CSR subsystem NewCSR. On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR...

CVE-2026-29643

The CVE relates to XiangShan’s CSR subsystem (NewCSR) in an open‑source RISC‑V processor. The flaw is an improper exceptional‑condition handling when CSR operations target non‑existent/custom CSR addresses, which may trigger an illegal‑instruction exception but fail to reliably transfer control t...

CVE-2026-6580

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launch...

EUVD-2026-23707

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

CVE-2026-6578

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRETKEY results in hard-coded credentials. The attack can be launched remotely. Th...

CVE-2026-6578

Summary: CVE-2026-6578 affects the DjangoBlog app by liangliangyy up to version 2.1.0.0. The issue is located in djangoblog/settings.py (Setting Handler) where manipulating the SECRET_KEY leads to hard-coded credentials. It is possible to launch an attack remotely with high complexity, and the ex...

CVE-2026-6576 liangliangyy DjangoBlog WeChat Bot commonapi.py CommandHandler command injection

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

CVE-2026-6576

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

CVE-2026-6576

CVE-2026-6576 affects liangliangyy DjangoBlog (up to version 2.1.0.0) via the WeChat Bot Interface, specifically the servermanager/api/commonapi.py CommandHandler. The root cause is a vulnerability allowing manipulation of the Source argument to achieve command injection, with remote exploitation...

CVE-2026-6568

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated...

CVE-2026-6568

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated...

PT-2026-33626

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated...

PT-2026-33648

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET KEY results in hard-coded credentials. The attack can be launched remotely. T...

PT-2026-33641

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is...

PT-2026-37213

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow can be triggered remotely in the HTTP Handler component. The issue exists within the sprintf function of the '/auto reboot.asp' endpoint, where manipulation of the enable/time...

PT-2026-37048

Name of the Vulnerable Software and Affected Versions D-Link DI-8100 version 16.07.26A1 Description A buffer overflow can be triggered remotely via the POST Parameter Handler component. The issue exists within the url rule asp function of the '/url rule.asp' endpoint. Recommendations At the momen...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the GitHub OAuth callback handler when the refreshInterval query parameter is embedded verbatim into an error message and rendered unescaped into HTML. An attacker can execute arbitrary JavaScript in the...

CVE-2026-40304

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...