18 matches found

EUVD
added 3 days ago | 8 views

EUVD-2026-33722

Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

CVSS 4.3 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/21 12:0 a.m. | 1 views

PT-2026-34236

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.0. Description: A flaw exists in the run method of the CSV Agents class due to improper sandboxing when evaluating Python scripts generated by a Large Language Model (LLM). An unauthenticated attacker can use prompt...

CVSS 9.8 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 8
Snyk
added 2026/04/18 12:46 a.m. | 2 views

Incomplete List of Disallowed Inputs

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the...

CVSS 9.8 | AI score 6.3 | EPSS 0.00289
Exploits: 1 | References: 2
Snyk
added 2026/04/18 12:46 a.m. | 3 views

Incomplete List of Disallowed Inputs

Overview flowise-ui is a Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the server by...

CVSS 9.8 | AI score 6.3 | EPSS 0.00289
Exploits: 1 | References: 2
RedhatCVE
added 2026/02/25 10:18 p.m. | 2 views

CVE-2026-27156

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVSS 6.1 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1
Snyk
added 2026/02/24 7:56 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the run_method function. An attacker can execute arbitrary JavaScript in the victim's browser by supplying crafted input as a method...

CVSS 6.1 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 2
NVD
added 2026/02/24 6:29 p.m. | 4 views

CVE-2026-27156

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVSS 6.1 | EPSS 0.00047
Exploits: 0 | References: 2
OSV
added 2026/02/24 5:0 p.m. | 2 views

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVSS 6.1 | AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 4
Cvelist
added 2026/02/24 5:0 p.m. | 16 views

CVE-2026-27156 NiceGUI has XSS via Code Injection

NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, and others) use an eval fallback in the JavaScript-side runMethod function. When user-controlled input i...

CVSS 6.1 | EPSS 0.00047
Exploits: 0 | References: 2
CVE
added 2026/02/24 5:0 p.m. | 9 views

CVE-2026-27156

NiceGUI (Python) before version 3.8.0 is vulnerable to XSS via code injection in client-side runMethod-related APIs (Element.run_method, AgGrid.run_grid_method, EChart.run_chart_method, etc.) due to eval fallback and unsafe string interpolation of method names. The issue allows attacker-controlle...

CVSS 6.1 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 2 | Affected Software: 1
GithubExploit
added 2025/05/03 12:37 p.m. | 67 views

cve_repo

It is an offensive tool for web exploitation. This repository co...

AI score 7.2
Exploits: 0
RedhatCVE
added 2025/03/22 11:19 a.m. | 8 views

CVE-2024-8769

A vulnerability in the LockManager.release_locks function in aimhubio/aim (commit bb76afe) allows for arbitrary file deletion through relative path traversal. The run_hash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...

CVSS 9.1 | AI score 6.9 | EPSS 0.01313
Exploits: 1 | References: 1
Kitploit
added 2022/08/12 12:30 p.m. | 80 views

OffensiveVBA - Code Execution And AV Evasion Methods For Macros In Office Documents

In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and evasion techniques. The list got longer and longer and I found no central place for offensive VBA templates - so this repo can be used for such. It is very far away from being...

AI score 8.1
Exploits: 0 | References: 63
Gitee
added 2019/10/19 9:4 a.m. | 2 views

metasploit-framework

This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to target a vulnerability in a specific product or service, but the exact target is not specified in the provided context. The module is likely intended to be used by penetration testers and...

AI score 7.3
Exploits: 0
Packet Storm
added 2011/06/25 12:0 a.m. | 24 views

Easewe FTP 4.5.0.9 Insecure Method

Vulnerability ID: HTB23015 Reference: http://www.htbridge.ch/advisory/easeweftpocxactivexcontrolexecuteinsecuremethod.html Product: Easewe FTP OCX ActiveX Control Vendor: Easewe Software http://www.ftpocx.com Vulnerable Version: 4.5.0.9 and probably prior Tested on: 4.5.0.9 Vendor Notification: 0...

AI score 7
Exploits: 0
OpenVAS
added 2008/10/23 12:0 a.m. | 16 views

Hummingbird Deployment Wizard ActiveX Control Multiple Security Vulnerabilities

This host is installed with Deployment Wizard ActiveX Control and is prone to multiple security vulnerabilities. The multiple flaws are due to error in 'SetRegistryValueAsString', 'Run' and 'PerformUpdateAsync' methods in DeployRun.DeploymentSetup.1 DeployRun.dll ActiveX control. OpenVAS...

CVSS 9.3 | AI score 0.5 | EPSS 0.24525
Exploits: 2 | References: 2
NVD
added 2006/11/26 11:7 p.m. | 7 views

CVE-2006-6121

Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method...

CVSS 9.3 | AI score 7.4 | EPSS 0.30229
Exploits: 1 | References: 12
Cvelist
added 2006/11/26 11:0 p.m. | 20 views

CVE-2006-6121

Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method...

AI score 7.4 | EPSS 0.30229
Exploits: 1 | References: 12