48 matches found

Microsoft CVE, added 3 days ago, 8 views
Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network...
CVSS 6.5 | AI score 5.8 | EPSS 0.00082 | Exploits 0

ATTACKERKB, added 2026/05/12 4:59 p.m., 3 views
CVE-2026-42838
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network...
CVSS 5.4 | AI score 5.8 | EPSS 0.00048 | Exploits 0 | References 2 | Affected software 1

EUVD, added 2026/05/12 4:58 p.m., 5 views
EUVD-2026-29691
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
CVSS 8.8 | AI score 5.8 | EPSS 0.00067 | Exploits 0 | References 1

Positive Technologies, added 2026/05/12 12:00 a.m., 5 views
PT-2026-40244
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...
CVSS 8.8 | AI score 5.8 | EPSS 0.00067 | Exploits 0 | References 2

EUVD, added 2026/05/08 12:31 a.m., 4 views
EUVD-2026-28446
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVSS 7.5 | AI score 5.8 | EPSS 0.00098 | Exploits 0 | References 2

Veracode, added 2026/04/11 5:08 a.m., 4 views
Improper Output Handling
Apache Log4j Core is vulnerable to Improper Output Handling. The vulnerability is due to XmlLayout failing to sanitize characters forbidden by the XML 1.0 specification, allowing log messages or MDC values to produce malformed XML or trigger exceptions during logging, which can lead to dropped or...
CVSS 7.5 | AI score 5.8 | EPSS 0.00034 | Exploits 0 | References 7 | Affected software 1

NVD, added 2026/03/18 2:16 a.m., 3 views
CVE-2026-22180
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...
CVSS 5.3 | EPSS 0.00021 | Exploits 0 | References 3

OSV, added 2026/03/18 2:16 a.m., 1 view
CVE-2026-22180
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...
CVSS 5.3 | AI score 6 | Exploits 0 | References 3

EUVD, added 2026/03/18 1:34 a.m., 4 views
EUVD-2026-12726
OpenClaw versions prior to 2026.3.2 contain a path-confinement bypass vulnerability in browser output handling that allows writes outside intended root directories. Attackers can exploit insufficient canonical path-boundary validation in file write operations to escape root-bound restrictions and...
CVSS 5.3 | AI score 5.9 | EPSS 0.00021 | Exploits 0 | References 3

Snyk, added 2026/03/03 9:20 p.m., 1 view
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition via improper validation of file paths in browser output handling. An attacker can write files outside of intended directory boundaries by...
CVSS 5.3 | AI score 5.8 | EPSS 0.00021 | Exploits 0 | References 3

Tenable Nessus, added 2026/01/09 12:00 a.m., 3 views
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56839)
Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVSS 8.6 | AI score 7.6 | EPSS 0.00028 | Exploits 0 | References 4

NVD, added 2025/11/20 10:15 p.m., 1 view
CVE-2025-36159
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output...
CVSS 6.2 | EPSS 0.00012 | Exploits 0 | References 1

Tenable Nessus, added 2025/11/13 12:00 a.m., 3 views
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2020-8177)
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVSS 7.8 | AI score 6.7 | EPSS 0.00019 | Exploits 1 | References 6

Tenable Nessus, added 2025/11/13 12:00 a.m., 2 views
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2020-26116)
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. This plugin...
CVSS 7.2 | AI score 6.8 | EPSS 0.00903 | Exploits 1 | References 4

Tenable Nessus, added 2025/11/13 12:00 a.m., 2 views
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2019-18348)
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n specifically in the host component of a URL follow...
CVSS 6.1 | AI score 6.7 | EPSS 0.02672 | Exploits 0 | References 4

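The two Python entries above (CVE-2020-26116, CRLF in the request method; CVE-2019-18348, CRLF in the host component) share one mechanism: a value the client copies verbatim into the request head can terminate the current line and start headers of the attacker's choosing. The following is an added Python example written for this page, not code from CPython or from the Tenable plugin; it does not send anything over the network but serialises a request head the way a trusting client would, parses it back the way a lenient server would, and then shows the kind of control-character check the fixed versions apply. `build_request`, `build_request_checked`, `parse_request_head` and `demo` are hypothetical names and the attacker-controlled values are constructed.

```python
import re

# Characters that must never appear in a request method, target or Host value.
# CR (0x0d) and LF (0x0a) are the ones that end the line; the rest of the
# C0 range, space and DEL are rejected for the same reason.
_FORBIDDEN = re.compile(r"[\x00-\x20\x7f]")


def build_request(method: str, target: str, host: str) -> bytes:
    """Naive serialiser: copies its arguments onto the wire unchecked, which
    is the behaviour the vulnerable client versions exposed."""
    return f"{method} {target} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("latin-1")


def build_request_checked(method: str, target: str, host: str) -> bytes:
    """Hardened serialiser: refuse control characters before serialising."""
    for name, value in (("method", method), ("target", target), ("host", host)):
        if _FORBIDDEN.search(value):
            raise ValueError(f"illegal character in request {name}: {value!r}")
    return build_request(method, target, host)


def parse_request_head(raw: bytes) -> tuple[str, dict[str, str]]:
    """What a lenient server sees: first line is the request line, every
    following 'Name: value' line up to the blank line is a header."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    headers: dict[str, str] = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip()] = value.strip()
    return request_line, headers


def _case(method: str, target: str, host: str):
    line, headers = parse_request_head(build_request(method, target, host))
    try:
        build_request_checked(method, target, host)
        rejected = False
    except ValueError:
        rejected = True
    return line, headers, rejected


def demo() -> dict:
    """Two constructed attacker-controlled inputs, one per CVE above."""
    return {
        # CVE-2019-18348 shape: CRLF inside the host component of the URL.
        "host": _case("GET", "/", "example.com\r\nX-Injected: yes"),
        # CVE-2020-26116 shape: CRLF inside the request method argument.
        "method": _case("POST\r\nX-Via-Method: yes\r\nPOST", "/", "example.com"),
    }


if __name__ == "__main__":
    for name, (line, headers, rejected) in demo().items():
        print(name, repr(line), headers, "rejected by check:", rejected)
```

In both cases the unchecked serialiser produces a head in which the server parses an `X-Injected` or `X-Via-Method` header the caller never set, while the checked serialiser raises before anything is built; a clean request passes the check unchanged.
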
Tenable Nessus, added 2025/11/12 12:00 a.m., 5 views
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2025-2361)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : tracing: Add down_write(trace_event_sem) when adding trace event (CVE-2025-38539) tipc: fix null-ptr-deref when acquiring remote ip of ethernet...
CVSS 7.8 | AI score 7.9 | EPSS 0.0015 | Exploits 11 | References 93

EUVD, added 2025/10/03 8:07 p.m., 1 view
EUVD-2024-36532
Malicious code in bioql PyPI...
CVSS 2.7 | AI score 6.6 | EPSS 0.00181 | Exploits 0 | References 1

OSV, added 2025/10/03 7:15 p.m., 0 views
CVE-2025-52654
HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation...
CVSS 4.6 | AI score 5.8 | EPSS 0.00025 | Exploits 0 | References 1

OSV, added 2025/06/13 2:19 p.m., 1 view
OESA-2025-1618 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: A vulnerability, which was classified as problematic, was found in Django up to 4.2.21/5.1.9/5.2.1 Content Management System. CWE is classifying the issue as CWE-117. The product does n...
CVSS 5.3 | AI score 6.5 | EPSS 0.00411 | Exploits 0 | References 2

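Three entries on this page are the same CWE-117 / improper-output-handling family seen from the logging side: the IBM Concert record (a local user forges log lines to impersonate someone else), the Django update (CWE-117, log neutralization) and the Log4j XmlLayout record (characters forbidden by XML 1.0 reaching an XML log layout). The following added Python example, written for this page and not taken from Django, Log4j or IBM Concert, shows both neutralizations side by side: escaping control characters so a logged value cannot start a new record, and stripping the characters XML 1.0 does not allow so an XML-formatted event stays well-formed. The function names, the forged username and the log message are constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET

# Any C0 control character or DEL. CR and LF are the ones that forge records;
# the rest (e.g. ESC) can drive terminal viewers, so they are escaped as well.
_LOG_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Everything outside the character set XML 1.0 (section 2.2, "Char") permits.
_XML10_FORBIDDEN = re.compile(
    r"[^\x09\x0a\x0d\x20-\ud7ff\ue000-\ufffd\U00010000-\U0010ffff]"
)


def neutralize_for_log(value: str) -> str:
    """CWE-117 fix for line-oriented logs: control characters become their
    visible escape ('\\n', '\\r', '\\x1b'), so one value is always one line."""
    return _LOG_CONTROL.sub(
        lambda m: m.group().encode("unicode_escape").decode("ascii"), value
    )


def xml10_sanitize(value: str) -> str:
    """Replace characters XML 1.0 forbids with U+FFFD, which it permits."""
    return _XML10_FORBIDDEN.sub("\ufffd", value)


def write_login_log(usernames, sanitize=None) -> str:
    """Constructed line-oriented audit log, one 'INFO login' record per user."""
    out = []
    for user in usernames:
        value = sanitize(user) if sanitize else user
        out.append(f"INFO login user={value}")
    return "\n".join(out) + "\n"


def count_login_records(log_text: str) -> int:
    """What a downstream parser (SIEM, grep, auditor) counts as login events."""
    return sum(1 for line in log_text.splitlines() if line.startswith("INFO login user="))


def xml_event(message: str, sanitize=None) -> str:
    """Minimal XML layout: the message becomes the text of an <event> element."""
    ev = ET.Element("event")
    ev.text = sanitize(message) if sanitize else message
    return ET.tostring(ev, encoding="unicode")


def well_formed(xml_text: str) -> bool:
    """Can the consumer on the other side parse what the layout emitted?"""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def demo() -> dict:
    # Constructed attacker-supplied username carrying a forged second record.
    forged = "mallory\nINFO login user=admin"
    raw_log = write_login_log([forged])
    safe_log = write_login_log([forged], neutralize_for_log)
    # Constructed message with characters XML 1.0 does not allow (0x01, 0x0c).
    bad_msg = "disk\x01full\x0c"
    return {
        "raw_records": count_login_records(raw_log),
        "safe_records": count_login_records(safe_log),
        "safe_line": safe_log.strip(),
        "raw_xml_ok": well_formed(xml_event(bad_msg)),
        "safe_xml_ok": well_formed(xml_event(bad_msg, xml10_sanitize)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Unsanitized, the single login by "mallory" is read downstream as two records, the second an admin login that never happened; neutralized, it stays one line with the embedded newline visible as `\n`. Likewise the raw XML event fails to parse (the serializer does not validate what it writes, the consumer does), while the sanitized event parses cleanly. Note that escaping for a text log and filtering for XML are different transformations: apply the one that matches the downstream format, at the point the value leaves your control.
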
Packet Storm News, added 2025/06/03 12:00 a.m., 2 views
ATAG: AI-Agent Application Threat Assessment with Attack Graphs
Evaluating the security of multi-agent systems (MASs) powered by large language models (LLMs) is challenging, primarily because of the systems' complex internal dynamics and the evolving nature of LLM vulnerabilities. Traditional attack graph (AG) methods often lack the specific capabilities to model...
AI score 6.9 | Exploits 0
