12755 matches found
PT-2026-50549
Name of the Vulnerable Software and Affected Versions AWS Bedrock AgentCore Python SDK versions 1.1.3 through 1.6.0 Description Improper neutralization of argument delimiters in the install packages method of the Code Interpreter client allows a remote authenticated user to execute arbitrary...
MAL-2026-5931 Malicious code in mci-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ae26c09350fdf9fb630e382c71dd730583ba1822122d232cde49a259597264f On npm install, mci-sdk runs the postinstall hook node./src/exec.js, which imports mci from src/core/index.js and invokes it at module top level. The...
Malicious code in mci-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1ae26c09350fdf9fb630e382c71dd730583ba1822122d232cde49a259597264f On npm install, mci-sdk runs the postinstall hook node./src/exec.js, which imports mci from src/core/index.js and invokes it at module top level. The...
GHSA-9FR2-P65V-GQXQ Duplicate Advisory: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fq9j-vw4w-fr6v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to...
CVE-2026-48776 LangGraph SDK has unsafe URL path construction
LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...
CVE-2026-48776
CVE-2026-48776 affects LangGraph Python SDK (versions up to 0.3.14) and describes unsafe URL path construction from unsanitized caller-supplied identifiers in HTTP request paths. This can cause requests to target a different resource or resource type, enabling unintended access, modification, or ...
CVE-2026-48776 LangGraph SDK has unsafe URL path construction
LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL path construction through unsanitized caller-supplied identifier values used in HTTP request paths for resource...
CVE-2026-47934
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
CVE-2026-47963
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
CVE-2026-47927
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google's bug bounty...
CVE-2026-53842
OpenClaw prior to 2026.5.2 is affected by an environment variable injection in CLOUDSDK_PYTHON that can influence Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can set CLOUDSDK_PYTHON to point to unintended local Python paths, potentially enabling ...
CVE-2026-47963
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
CVE-2026-47964
Affected software : DNG SDK (version 1.7.1 2536 and earlier). Vulnerability : Heap-based buffer overflow (CWE-122) in the DNG SDK, potentially allowing arbitrary code execution in the context of the current user. Impact : Arbitrary code execution with high impact (confidentiality/ integrity/ avai...
CVE-2026-47927
DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim mus...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU
Summary Db2 Query Management Facility is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU plus CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, and CVE-2026-22007 Vulnerability Details CVEID:CVE-2026-22016...
Malicious code in hot-validation-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5870 Malicious code in hot-validation-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76065c270ae195ee042c46a6d0ade5737992948d3f3068f367fc6bfef474ce9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-6964
The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...
CVE-2026-6964
The CVE-2026-6964 entry covers the WordPress plugin Video Conferencing with Zoom (versions up to 4.6.7). It states an authorization bypass in the get_auth AJAX action, allowing unauthenticated attackers to obtain the site’s Zoom SDK API key and a freshly-signed JWT usable with the Zoom Web SDK to...