771 matches found
Measuring AI Security: Separating Signal from Panic
The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It’s easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore...
CVE-2026-21228 Azure Local Remote Code Execution Vulnerability
...
CVE-2026-21228
CVE-2026-21228 affects Azure Local and is due to improper certificate validation. The TALOS update describes an attacker intercepting unsecured communication between the configurator and target systems, tampering with responses to trigger command injection with administrative privileges and potentiall...
Windows Hyper-V Remote Code Execution Vulnerability
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally...
Out-of-Bounds
Overview: Affected versions of this package are vulnerable to Out-of-Bounds via the apriltagdetectordetect function. An attacker can cause memory corruption by providing crafted input to this function during local execution. Remediation: A fix was pushed into the master branch but not yet published...
CVE-2026-25593
CVE-2026-25593 affects OpenClaw (personal AI assistant). Before 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values, which were later used for command discovery and allowed command injection as the gateway u...
CVE-2019-25293
CVE-2019-25293 affects BlueStacks App Player 2.4.44.62.57. The issue is an unquoted service path in the BstHdLogRotatorSvc service, allowing a local attacker to replace the unquoted path (C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe) with a malicious executable to achieve arbitrary ...
CVE-2026-20987
Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged attackers to execute privileged commands...
TexasSoft CyberPlanet Code Issue Vulnerability
TexasSoft CyberPlanet is an internet cafe billing and client management software developed by the Indian company TexasSoft. Version 6.4.131 of TexasSoft CyberPlanet contains a code vulnerability. This vulnerability stems from a service path in the CCSrvProxy service that lacks quotes, which may...
EUVD-2026-5362
OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...
Exploit for CVE-2026-25130
CVE-2026-25130 – Cybersecurity AI CAI Framework Argument Inj...
PT-2026-5851
Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges...
GHSA-Q284-4PVR-M585 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand
Two related vulnerabilities existed in the macOS application's SSH remote connection handling (CommandResolver.swift). Details: The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When the cd command failed, the unescap...
CVE-2020-37048
Iskysoft Application Framework Service 2.4.3.241 is affected by an unquoted service path vulnerability (IsAppService). The vulnerability arises from an unquoted service executable path in the service configuration, enabling local attackers to insert a malicious executable that runs with the servi...
SUSE CVE-2025-15536
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...
MiracleLinux 7 : okular-4.10.5-9.el7 (AXSA:2020-696:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-696:02 advisory. okular: local binary execution via specially crafted PDF files (CVE-2020-9359). Tenable has extracted the preceding description block directly from the...
Linux Distros Unpatched Vulnerability : CVE-2025-15536
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file...
Open Chinese Convert has Out-of-bounds Write
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...
GHSA-5PR6-CRVP-2J9F Open Chinese Convert has Out-of-bounds Write
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...
CVE-2025-15536
A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been made...