EUVD-2025-210298

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

PT-2026-51293

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple core controllers and model capture paths accept client-controlled request fields, including primary keys id and ownership or scope foreign keys such as event id, org id, user id, sharin...

PT-2026-51375

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite WMS versions prior to 2605 Description An improper neutralization of special elements used in an SQL command, known as SQL Injection, allows a low privileged attacker with remote access to potentially gain unauthoriz...

PT-2026-51283

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.2.0 through 2.9.0 Description Improper escaping of database table names in the CaptureChangeMySQL Processor allows for the injection of SQL commands through crafted naming. This issue affects installations utilizing the...

CVE-2026-12822 langflow-ai langflow Bundle URL Loader code injection

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

CVE-2026-12822

Langflow AI (langflow) up to v1.9.3 is affected by CVE-2026-12822 due to a vulnerability in the Bundle URL Loader component leading to local code injection. The attack requires local access; the exact vulnerable function is unspecified. Vendor did not respond to disclosure. CVSS data indicate a M...

CVE-2026-12822

A vulnerability was identified in langflow-ai langflow up to 1.9.3. This affects an unknown function of the component Bundle URL Loader. The manipulation leads to code injection. The attack needs to be performed locally. The vendor was contacted early about this disclosure but did not respond in...

CVE-2026-12814

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...

CVE-2026-12812

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVE-2026-12815

A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in an...

CVE-2026-12815

CVE-2026-12815 affects coollabsio coolify 4.0.0, specifically the Image Name Handler component. The vulnerability is an os command injection caused by manipulation in the image name processing, with a remote attack vector and low-privilege conditions. The CVSS metrics indicate network access, low...

CVE-2026-12815 coollabsio coolify Image Name os command injection

A vulnerability has been found in coollabsio coolify 4.0.0. Impacted is an unknown function of the component Image Name Handler. Such manipulation leads to os command injection. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in an...

CVE-2026-12814

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...

CVE-2026-12814 Comfast CF-WR631AX V3 API Endpoint mbox-config system os command injection

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...

CVE-2026-12814

CVE-2026-12814 affects Comfast CF-WR631AX V3 up to version 2.7.0.8. The vulnerability is located in the API Endpoint component, specifically the file path /cgi-bin/mbox-config?section=ping_config, where manipulation of the destination argument leads to an OS command injection. The issue can be ex...

CVE-2026-12810

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...

CVE-2026-12809

A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz5in1redirect of the file /goform/wiz5in1redirect of the component POST Request Handler. Such manipulation of the argument newpass leads to command injection. The attack can be launched remotely. The exploit is...

CVE-2026-12812

Radware Cyber Controller (up to 10.11.0) is affected in the HTML Report Generation component, with HTML injection due to the underlying issue. The vulnerability allows remote exploitation, and the exploit has been publicly disclosed. No remediation details are provided in the documents. Affected ...

CVE-2026-12812 Radware Cyber Controller HTML Report Generation HTML injection

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVE-2026-12810 Edimax BR-6478AC V2 POST Request mp command injection

A security flaw has been discovered in Edimax BR-6478AC V2 1.23. Affected by this vulnerability is the function mp of the file /goform/mp of the component POST Request Handler. Performing a manipulation of the argument command results in command injection. The attack may be initiated remotely. Th...