652 matches found

Cvelist
added 2026/04/03 8:27 p.m., 22 views

CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...

CVSS 7.7, EPSS 0.00301
Exploits 1, References 3
CVE
added 2026/04/03 8:27 p.m., 27 views

CVE-2026-22664

The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...

CVSS 7.7, AI score 5.3, EPSS 0.00301
Exploits 1, References 3, Affected Software 1
OSSF Malicious Packages
added 2026/04/03 7:05 p.m., 7 views

Malicious code in strapi-plugin-nordica-recon (npm)

strapi-plugin-nordica-recon is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

AI score 6
Exploits 0, References 2
OSSF Malicious Packages
added 2026/04/03 7:04 p.m., 8 views

Malicious code in strapi-plugin-nordica-tools (npm)

strapi-plugin-nordica-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

AI score 6
Exploits 0, References 2
EUVD
added 2026/04/03 6:31 p.m., 4 views

EUVD-2026-18746

In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: fix multishot recv missing EOF on wakeup race. When a socket send and shutdown happen back-to-back, both fire wake-ups before the receiver's task_work has a chance to run. The first wake gets poll ownership (poll_refs=1...

AI score 5.8, EPSS 0.00022
Exploits 0, References 4
Positive Technologies
added 2026/04/03 12:00 a.m., 9 views

PT-2026-30228

prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL...

CVSS 7.7, AI score 6, EPSS 0.00301
Exploits 1, References 4
CNNVD
added 2026/04/03 12:00 a.m., 11 views

prompts.chat code issue vulnerability

prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Versions of prompts.chat prior to 30a8f04 contained code vulnerabilities; these vulnerabilities stemmed from a lack of URL validation during Fal.ai’s media status polling, which could lead to server-side request...

CVSS 7.7, AI score 5.9, EPSS 0.00301
Exploits 1, References 3
CNNVD
added 2026/04/03 12:00 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from multiple polling processes with competing conditions, potentially leading to the loss of EOF even...

AI score 5.8, EPSS 0.00022
Exploits 0, References 3
CVE
added 2026/03/27 7:43 p.m., 17 views

CVE-2026-33654

Summary of CVE-2026-33654: nanobot (personal AI assistant) contains an indirect prompt injection vulnerability in the email channel processing module (nanobot/channels/email.py) prior to version 0.1.6. An unauthenticated remote attacker can send a malicious email to the bot's monitored address, ...

CVSS 9.8, AI score 6.1, EPSS 0.00489
Exploits 1, References 1, Affected Software 1
Vulnrichment
added 2026/03/27 7:43 p.m., 2 views

CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVSS 9.3, AI score 6.1, EPSS 0.00489
Exploits 1, References 1
OSV
added 2026/03/27 7:43 p.m., 3 views

CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVSS 9.3, AI score 6.1, EPSS 0.00489
Exploits 1, References 3
SUSE CVE
added 2026/03/19 12:27 a.m., 7 views

SUSE CVE-2026-23253

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen. dvb_dvr_open calls dvb_ringbuffer_init when a new reader opens the DVR device. dvb_ringbuffer_init calls init_waitqueue_head, which reinitializes the waitqueue list head...

CVSS 5.5, AI score 5.8, EPSS 0.00129
Exploits 0, References 16
Tenable Nessus
added 2026/03/04 12:00 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005430)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005430 advisory. In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling. Add missing lock protection in poll routine...

CVSS 5.5, AI score 6.7, EPSS 0.00165
Exploits 0, References 4
Tenable Nessus
added 2026/03/04 12:00 a.m., 5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005498)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005498 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal. A warning on driver removal started occurring after...

CVSS 5.5, AI score 6.7, EPSS 0.00167
Exploits 0, References 4
F5 Networks
added 2026/02/03 7:48 p.m., 12 views

K000159873: Linux kernel vulnerability CVE-2025-39881

Security Advisory Description: In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released. A use-after-free (UAF) vulnerability was identified in the PSI (Pressure Stall Information) monitoring mechanism: BUG: KASAN: slab-use-after-free in...

CVSS 7.8, AI score 5.2, EPSS 0.0014
Exploits 0
Tenable Nessus
added 2026/01/16 12:00 a.m., 6 views

MiracleLinux 7 : 389-ds-base-1.3.6.1-26.el7 (AXSA:2018-2535:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2535:01 advisory. A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use...

CVSS 7.5, AI score 7.4, EPSS 0.04093
Exploits 0, References 2
RedhatCVE
added 2026/01/02 6:37 p.m., 5 views

CVE-2025-68620

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...

CVSS 9.1, AI score 7.2, EPSS 0.00492
Exploits 1, References 1
EUVD
added 2026/01/02 3:28 p.m., 4 views

EUVD-2025-206136

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...

CVSS 9.1, AI score 6.4, EPSS 0.00492
Exploits 1, References 4
Github Security Blog
added 2026/01/02 3:28 p.m., 7 views

Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling

SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...

CVSS 9.1, AI score 6.9, EPSS 0.00492
Exploits 1, References 5, Affected Software 1
OSV
added 2026/01/02 3:28 p.m., 3 views

GHSA-FQ56-HVG6-WVM5 Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling

SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...

CVSS 9.1, AI score 6.9, EPSS 0.00492
Exploits 1, References 5