58811 matches found
CVE-2026-26057 Skill Scanner Unsecured Network Binding Vulnerability
Skill Scanner is a security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. A vulnerability in the API Server of Skill Scanner could allow an unauthenticated, remote attacker to interact with the server API and either trigger a denial of...
CVE-2026-26057
The CVE-2026-26057 entry is complemented by a concrete advisory for Skill-scanner (Skill-scanner API Server). Affected: Skill-scanner 1.0.1 and earlier when API Server is enabled. Root cause: erroneous binding to multiple interfaces. Impact: unauthenticated remote attacker can trigger DoS via res...
web-vuln-scanner
web-vuln-scanner A Python-based web vulnerabili...
Python Safe TAR Scanner
This Python tool provides a scanner for TAR archives, designed to detect unsafe or malicious entries before extraction...
Skill Scanner Security Vulnerability
Skill Scanner is an open-source security scanner developed by Cisco AI Defense. Versions of Skill Scanner 1.0.1 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect binding of the API server to multiple interfaces, which may lead to denial-of-service attacks or...
github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload
A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...
Incomplete List of Disallowed Inputs
Overview: picklescan is a security scanner that detects Python pickle files performing suspicious actions. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the scanpytorch function. An attacker can execute arbitrary code by crafting a malicious payload that...
SUSE CVE-2025-67860
A vulnerability has been identified in the NeuVector scanner where the scanner process accepts registry and controller credentials as command-line arguments, potentially exposing sensitive credentials to local users...
Samsung QuramDNG Type Confusion Detector Vulnerability Scanner
This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...
Ruckus Unleashed 200.13.6.1.319 XSS Scanner
This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319...
mailcow: Dockerized Host Header Password Reset Poisoning Scanner
This Metasploit module adds a scanner for a Host header poisoning vulnerability in mailcow:dockerized versions prior to 2025-01a. The vulnerability occurs because the application improperly trusts the HTTP Host header when generating password reset links. By supplying a crafted Host header during...
Samsung Malformed DNG ColorMatrix2 Out-Of-Bounds Read
A memory safety vulnerability was identified in Samsung’s image decoding library libimagecodec.quram.so, affecting the handling of DNG Digital Negative image files. The issue stems from improper bounds validation when parsing the ColorMatrix2 0xC622 tag within DNG metadata. By supplying a crafted...
Server-side Request Forgery (SSRF)
Overview: cisco-ai-skill-scanner is a security scanner for Agent Skills packages that detects prompt injection, data exfiltration, and malicious code. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to its APIs binding to 0.0.0.0. If the API server is enabled, ...
GHSA-PPFX-73J5-FHXC Skill-scanner Unsecured Network Binding Vulnerability
Description: A vulnerability in the API Server of Skill Scanner could allow an unauthenticated, remote attacker to interact with the server API and either trigger a denial of service (DoS) condition or upload arbitrary files. This vulnerability is due to an erroneous binding to multiple interfaces. ...
Insufficiently Protected Credentials
Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials via handling passwords as command arguments. An attacker can obtain sensitive information by accessing process arguments through system interfaces. Remediation: Upgrade github.com/neuvector/scanner to...
GO-2026-4490 NeuVector scanner insecurely handles passwords as command arguments in github.com/neuvector/scanner
NeuVector scanner insecurely handles passwords as command arguments in github.com/neuvector/scanner. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...