137 matches found
Backstage 代码问题漏洞
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 1.14.3 contained code-related vulnerabilities. These vulnerabilities stemmed from defects in the configuration allowlist, which could allow...
EUVD-2026-8882
Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application com.unitree.doggo2, are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLi...
CVE-2026-27510
CVE-2026-27510 affects Unitree Go2 firmware 1.1.7–1.1.11 with the Go2 Android app (com.unitree.doggo2). The issue is remote code execution due to missing integrity protection and validation of user-created programs. The Android app stores programs in a local SQLite database (unitree_go2.db, table...
Remote Code Execution (RCE)
agpt Platform is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation in block execution endpoints that allow execution of disabled blocks by UUID without checking the disabled flag, which allows an authenticated attacker to execute the BlockInstallationBlock,...
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
CVE-2026-25153 @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, when TechDocs is configured with runIn: local, a malicious actor who...
CVE-2026-0766
Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-0768
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...
CVE-2026-0769 Langflow eval_custom_component_code Eval Injection Remote Code Execution Vulnerability
Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-0769
Langflow evalcustomcomponentcode Eval Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-0768 Langflow code Code Injection Remote Code Execution Vulnerability
Langflow code Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Langflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the code...
CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability
Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2026-0766 Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability
Open WebUI loadtoolmodulebyid Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
PT-2026-3396
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.14 n8n versions prior to 2.3.5 n8n versions prior to 2.4.2 Description An issue exists in n8n that allows an attacker to bypass the python-task-executor sandbox restrictions. This bypass is achieved through the use ...
Security Bulletin: Vulnerability in Jinja2 affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-56326, CVE-2024-56201]
Summary The Jinja2 package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-56326, CVE-2024-56201 Vulnerability Details CVEID:CVE-2024-56326 DESCRIPTION: Jinja is an extensible templating engine. Prior to 3.1.5, An oversig...
EUVD-2020-2744
Malware in sbrugna...
EUVD-2017-2447
Malware in sbrugna...
EUVD-2005-2484
Malware in sbrugna...
EUVD-2007-1250
Malware in sbrugna...
EUVD-2014-0047
Malware in sbrugna...