252502 matches found
Ivanti Endpoint Manager < 2024 SU6 Multiple Vulnerabilities
The version of Ivanti Endpoint Manager running on the remote host is prior to 2024 SU6. It is, therefore, affected by multiple vulnerabilities: - An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access...
PT-2026-41319
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
Exploit for Missing Authentication for Critical Function in Flowiseai Flowise
Silentium — HackTheBox Writeup Platform: HackTheBox...
GHSA-248R-7H7Q-CR24 vm2 Has a Sandbox Breakout Using Async Generator
Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details It is possible to catch a host exception using the yield expression inside an async generator. When the...
vm2 Has a Sandbox Breakout Using Async Generator
Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details It is possible to catch a host exception using the yield expression inside an async generator. When the...
Apache-Shiro-RememberMe-RCE
No d...
GHSA-72W5-PF8H-XFP4 DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
Summary The taskcreate tool spawns durable sub-agents that inherit two insecure defaults: - allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue - autoapprove defaults to true taskmanager.rs:297: autoapprove: Sometrue When a user approves a taskcreate call which requires...
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
Summary The taskcreate tool spawns durable sub-agents that inherit two insecure defaults: - allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue - autoapprove defaults to true taskmanager.rs:297: autoapprove: Sometrue When a user approves a taskcreate call which requires...
NPM: DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
NPM: DeepSeek TUI: runtests Tool Enables RCE via Malicious Repository Without Approval vulnerability discovered by ? in WordPress Npm deepseek-tui versions = 0.3.0, 0.8.23...
DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
Summary The runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. The source code explicitly states this design choice: rust fn approvalrequirement&self - ApprovalRequirement // Tests are encouraged, so avoid gating th...
GHSA-WX44-2Q6H-J6P8 DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
Summary The runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. The source code explicitly states this design choice: rust fn approvalrequirement&self - ApprovalRequirement // Tests are encouraged, so avoid gating th...
CVE-2026-8581
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8555
Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-8558
Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-8549
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-8544
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-8532
Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-8540
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-8527
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-8524
Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...