2324 matches found
CubeCart 代码注入漏洞
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.7.0 had a code injection vulnerability. This vulnerability stemmed from insecure server-side template injections in multiple modules. The application evaluated user input directly through the...
SAP Commerce Cloud 安全漏洞
SAP Commerce Cloud is a cloud-based e-commerce platform developed by SAP, a German company. This platform supports sales management, marketing management, order management, and operational management. There is a security vulnerability in SAP Commerce Cloud, which stems from improper configuration...
nnU-Net 安全漏洞
nnU-Net is an automatic adaptation dataset semantic segmentation framework developed by MIC-DKFZ. Versions of nnU-Net prior to 2.4.1 contained a security vulnerability. This vulnerability stemmed from the Issue Triage workflow, which allowed attackers to control content injection into the Claude...
Brave CMS 跨站脚本漏洞
Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Brave CMS has a cross-site scripting vulnerability, which arises from the CKEditor rich text editor storing and rendering input content without escaping, potentially allowing for arbitrary...
Brave CMS 跨站脚本漏洞
Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Brave CMS has a cross-site scripting vulnerability, which stems from the fact that the message text entered in the contact form was not escaped properly, potentially allowing for arbitrary tag...
open-notebook 安全漏洞
Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.3 of Open-Notebook contains a security vulnerability. This vulnerability stems from a lack of input validation, which may allow users to execute Python code and operating system commands on...
Netty 注入漏洞
Netty is a non-blocking I/O client-server framework from the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty prior to 4.2.13.Final and 4.1.133.Final contained an injection vulnerability. This vulnerability...
SecureMCP: A Policy-Enforced LLM Data Access Framework for AIoT Systems Via Model Context Protocol
The deployment of Large Language Model LLM-generated SQL queries in Artificial Intelligence of Things AIoT systems introduces critical security risks, as prompt injection attacks can manipulate LLMs into producing unauthorized queries that expose sensitive data or execute destructive operations...
Gray-Box Poisoning of Continuous Malware Ingestion Pipelines
Modern malware detection pipelines rely on continuous data ingestion and machine learning to counter the high volume of novel threats. This work investigates a realistic gray-box poisoning threat model targeting these pipelines. Using the secmlmalware framework, we generate problem-space...
CVE-2026-42435
OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to inject environment variable assignments at the argv level. Attackers can bypass exec preflight handling to manipulate high-risk shell variables like SHELLOPTS and...
opencms 安全漏洞
OpenCms is a CMS system developed by Fumiao as an individual developer. OpenCms v20 and earlier versions had security vulnerabilities, which stemmed from insecure XML parsing in the Admin Import DB function. The manifest.xml file provided by users in .zip files could lead to XML external entity...
PT-2026-35782
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description An improper access control issue exists in the iOS A2UI bridge, which incorrectly treats generic local-network pages as trusted origins. This allows attackers to inject unauthorized agent.request...
Beghelli Sicuro24 SicuroWeb 安全漏洞
Beghelli Sicuro24 SicuroWeb is a remote security monitoring and alarm management platform provided by the Italian company Beghelli. There are security vulnerabilities in Beghelli Sicuro24 SicuroWeb. These vulnerabilities stem from the inclusion of AngularJS 1.5.2, which contains known sandbox...
SQLi
SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function not removin...
CVE-2026-34424
Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute arbitrary code and commands. Attackers can trigger pre-authentication remote shell execution via...
OSGeo MapServer 安全漏洞
OSGeo MapServer is an open-source geospatial data publishing and map rendering service developed by OSGeo. Prior to OSGeo MapServer 8.0, there were security vulnerabilities; these vulnerabilities stemmed from dynamic link library injections, which could allow attackers to execute arbitrary code...
CVE-2026-5208
CVE-2026-5208 affects CoolerControl/coolercontrold prior to version 4.0.0. The issue is OS command injection in alert names, allowing authenticated, local attackers to execute arbitrary code as root. The vulnerability arises from improper handling of alert-name input, enabling injection into a sh...
Red Hat Enterprise Linux 10 代码问题漏洞
Red Hat Enterprise Linux 10 is a Linux operating system designed for enterprise users by the American company Red Hat. Red Hat Enterprise Linux 10 has code-related vulnerabilities, which stem from specially crafted malicious archive files. These vulnerabilities may lead to hidden file injections...
Your Agent Is More Brittle Than You Think: Uncovering Indirect Injection Vulnerabilities in Agentic LLMs
The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose severe security challenges. Specifically, Indirect Prompt...