CVE-2026-22664 prompts.chat SSRF via Fal.ai Media Status Polling
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in the Fal.ai media status polling feature that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack ...
CVE-2026-22664
The CVE-2026-22664 issue affects prompts.chat with an SSRF in Fal.ai media status polling prior to commit 30a8f04. Authenticated users can supply attacker-controlled URLs in the token parameter to trigger arbitrary outbound requests, potentially exposing the FAL_API_KEY in the Authorization heade...
Malicious code in strapi-plugin-nordica-recon (npm)
strapi-plugin-nordica-recon is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...
Malicious code in strapi-plugin-nordica-tools (npm)
strapi-plugin-nordica-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...
EUVD-2026-18746
In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: fix multishot recv missing EOF on wakeup race. When a socket send and shutdown happen back-to-back, both fire wake-ups before the receiver's task_work has a chance to run. The first wake gets poll ownership (poll_refs=1)...
PT-2026-30228
prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling that allows authenticated users to perform arbitrary outbound requests by supplying attacker-controlled URLs in the token parameter. Attackers can exploit the lack of URL...
prompts.chat code issue vulnerability
prompts.chat is an open-source AI prompt library developed by Fatih Kadir Akın. Versions of prompts.chat prior to 30a8f04 contained code vulnerabilities; these vulnerabilities stemmed from a lack of URL validation during Fal.ai’s media status polling, which could lead to server-side request...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from multiple polling processes with competing conditions, potentially leading to the loss of EOF even...
CVE-2026-33654
Summary of CVE-2026-33654: nanobot (personal AI assistant) contains an indirect prompt injection vulnerability in the email channel processing module (nanobot/channels/email.py) prior to version 0.1.6. An unauthenticated remote attacker can send a malicious email to the bot's monitored address, ...
CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
SUSE CVE-2026-23253
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen. dvb_dvr_open calls dvb_ringbuffer_init when a new reader opens the DVR device. dvb_ringbuffer_init calls init_waitqueue_head, which reinitializes the waitqueue list head...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005430)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005430 advisory. In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005498)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005498 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after...
K000159873: Linux kernel vulnerability CVE-2025-39881
Security Advisory Description: In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released. A use-after-free (UAF) vulnerability was identified in the PSI (Pressure Stall Information) monitoring mechanism: BUG: KASAN: slab-use-after-free in...
MiracleLinux 7 : 389-ds-base-1.3.6.1-26.el7 (AXSA:2018-2535:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2535:01 advisory. A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use...
CVE-2025-68620
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated...
EUVD-2025-206136
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling...
Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...
GHSA-FQ56-HVG6-WVM5 Signal K Server vulnerable to JWT Token Theft via WebSocket Enumeration and Unauthenticated Polling
SignalK Server exposes two features that can be chained together to steal JWT authentication tokens without any prior authentication. The attack combines WebSocket-based request enumeration with unauthenticated polling of access request status. Unauthenticated WebSocket Request Enumeration: When ...