Lucene search

6422 matches found

Debian CVE
added 2026/04/08 9:35 p.m., 2 views

CVE-2026-40024

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

CVSS 8.4, AI score 6.2, EPSS 0.00167
Exploits: 0
EUVD
added 2026/04/08 6:33 p.m., 3 views

EUVD-2024-33808

The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS 6.4, AI score 6.1, EPSS 0.01172
Exploits: 0, References: 5
Patchstack
added 2026/04/08 1:6 p.m., 8 views

WordPress WP Directory Kit plugin <= 1.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Martín Martín in WordPress Plugin WP Directory Kit versions <= 1.5.0...

AI score 5.8, EPSS 0.00306
Exploits: 0, Affected Software: 1
NVD
added 2026/04/08 9:16 a.m., 11 views

CVE-2026-39479

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection. This issue affects OttoKit: from n/a through <= 1.1.20...

CVSS 7.6, EPSS 0.00279
Exploits: 0, References: 1
Positive Technologies
added 2026/04/08 12:0 a.m., 3 views

PT-2026-31462

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped key parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APF...

CVSS 4.8, AI score 5.9, EPSS 0.00123
Exploits: 0, References: 6
CNNVD
added 2026/04/08 12:0 a.m., 7 views

The Sleuth Kit buffer error vulnerability

The Sleuth Kit (TSK) is a set of data forensics tools developed individually by Brian Carrier. This tool can analyze file systems such as FAT, NTFS, and UFS, and provide detailed information about those file systems. The Sleuth Kit versions 4.14.0 and earlier contained a buffer error vulnerability...

CVSS 7.1, AI score 6, EPSS 0.00126
Exploits: 0, References: 5
CNNVD
added 2026/04/08 12:0 a.m., 4 views

The Sleuth Kit (TSK) buffer error vulnerability

The Sleuth Kit (TSK) is a set of data forensics tools developed individually by Brian Carrier. This tool can analyze file systems such as FAT, NTFS, and UFS, and provide detailed information about those file systems. The Sleuth Kit (TSK) versions 4.14.0 and earlier contained a buffer error...

CVSS 6.1, AI score 6, EPSS 0.00123
Exploits: 0, References: 5
Positive Technologies
added 2026/04/08 12:0 a.m., 2 views

PT-2026-31461

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

CVSS 8.4, AI score 6.5, EPSS 0.00167
Exploits: 0, References: 5
Positive Technologies
added 2026/04/08 12:0 a.m., 9 views

PT-2026-31463

The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parse...

CVSS 4.8, AI score 6, EPSS 0.00126
Exploits: 0, References: 6
CNNVD
added 2026/04/08 12:0 a.m., 10 views

The Sleuth Kit (TSK) path traversal vulnerability

The Sleuth Kit (TSK) is a set of data forensics tools developed individually by Brian Carrier. This tool can analyze file systems such as FAT, NTFS, and UFS, and provide detailed information about those file systems. The Sleuth Kit (TSK) versions 4.14.0 and earlier contained a path traversal...

CVSS 8.4, AI score 5.9, EPSS 0.00167
Exploits: 0, References: 5
RedhatCVE
added 2026/04/07 11:1 p.m., 4 views

CVE-2026-35020

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helper and deep-link terminal launcher that allows local attackers to execute arbitrary commands by manipulating the TERMINAL environment variable. Attackers can inject shell...

CVSS 8.6, AI score 6.2, EPSS 0.00114
Exploits: 0, References: 1
CVE
added 2026/04/07 9:6 p.m., 17 views

CVE-2026-35568

The CVE-2026-35568 entry corresponds to a DNS rebinding vulnerability in the MCP Java SDK (official Java SDK for Model Context Protocol servers/clients). Prior to version 1.0.0, the java-sdk did not validate the Origin header, enabling an attacker-controlled webpage on local or adjacent networks ...

CVSS 7.6, AI score 5.9, EPSS 0.00136
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/04/07 8:13 p.m., 7 views

EUVD-2026-19954

Java-SDK has a DNS Rebinding Vulnerability...

CVSS 7.6, AI score 5.9, EPSS 0.00136
Exploits: 0, References: 2
OSV
added 2026/04/07 8:13 p.m., 1 views

GHSA-8JXR-PR72-R468 Java-SDK has a DNS Rebinding Vulnerability

Summary: The java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victim's browser that is either local, or network adjacent. This allows an attacker to make any tool call to the server as if they wer...

CVSS 7.6, AI score 5.8, EPSS 0.00136
Exploits: 0, References: 4
Snyk
added 2026/04/06 10:0 p.m., 2 views

Malicious Package

Overview: license-utils-kit is a malicious package. This package is part of North Korea’s Contagious Interview Campaign and contains a malicious payload, weaponised to steal credentials, wallets, and enable remote access to affected systems. The package attempts to mimic a legitimate package and...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2
EUVD
added 2026/04/06 9:31 p.m., 2 views

EUVD-2026-19440

Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invocation utility that allows attackers to execute arbitrary commands by crafting malicious file paths. Attackers can inject shell metacharacters such as $ or backtick expressions in...

CVSS 8.4, AI score 6.2, EPSS 0.00041
Exploits: 0, References: 3
CVE
added 2026/04/06 6:58 p.m., 11 views

CVE-2026-35020

CVE-2026-35020 entry is rejected/not used by the CNA.

AI score 6.2, EPSS 0.00114
Exploits: 0
Positive Technologies
added 2026/04/06 12:0 a.m., 5 views

PT-2026-30706

Name of the Vulnerable Software and Affected Versions: Anthropic Claude Code CLI and Claude Agent SDK (affected versions not specified). Description: Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection issue in the command lookup helper and deep-link terminal launcher. Local...

CVSS 8.6, AI score 6.2, EPSS 0.00114
Exploits: 0, References: 10
CNNVD
added 2026/04/03 12:0 a.m., 6 views

Gardyn Home Kit Cloud API and Gardyn Mobile Application trust management issue vulnerability

Gardyn Home Kit Cloud API and Gardyn Mobile Application are products of the American company Gardyn. Gardyn Home Kit Cloud API is an indoor hydroponic cultivation system. Gardyn Mobile Application is a mobile control application. There are security vulnerabilities in Gardyn Home Kit Cloud API and...

CVSS 8.8, AI score 5.8, EPSS 0.00275
Exploits: 1, References: 3
VulnCheck KEV
added 2026/04/02 12:0 a.m., 5 views

VulnCheck KEV: CVE-2025-13920

The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdkpublicaction AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user...

CVSS 5.3, AI score 5.8, EPSS 0.00669
In wild, Exploits: 0, References: 2