16070 matches found
EUVD-2026-21974
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via supplying a crafted input file...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SW-URL header in the MCP server. An attacker can access internal resources and potentially exfiltrate sensitive information by sending crafted requests that are processed by the server. Remediati...
Malicious Package
Overview @kucoin-gbiz-next/tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious code in @kucoin-gbiz-next/tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74b28e2536b0d59d01e913269776e3bd933f0bce2477136d28b923d2b5222d54 The package @kucoin-gbiz-next/tools was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2587 Malicious code in @kucoin-gbiz-next/tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 74b28e2536b0d59d01e913269776e3bd933f0bce2477136d28b923d2b5222d54 The package @kucoin-gbiz-next/tools was found to contain malicious code. Source: ghsa-malware...
UBUNTU-CVE-2026-30998
An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via supplying a crafted input file...
RHEL 8 : go-toolset:rhel8 (RHSA-2026:7879)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7879 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: cmd/go:...
The Best Vulnerability Scanning Tools for 2026: A Complete Guide
Your vulnerability scanner found 14,000 issues last quarter. Your team patched 800. The other 13,200 are sitting in a spreadsheet that nobody opens anymore. This is the reality for most security teams. The scanner works. It finds vulnerabilities. But without context, prioritization, or a clear pa...
Machine Learning-Based Detection of MCP Attacks
The Model Context Protocol MCP is a new and emerging technology that extends the functionality of large language models, improving workflows but also exposing users to a new attack surface. Several studies have highlighted related security flaws, but MCP attack detection remains underexplored. To...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: redpanda, nuclei, mattermost, gitness, ingress-nginx-controller, helm-mapkubeapis, splunk-otel-collector, malcontent, hubble, podman, aws-flb-firehose, terraform, cosign, ko, nats, gitlab-kas, crane, neuvector-scanner, pulumi-language-yaml, act, gatekeeper, coredns,...
GHSA-M4PR-4J3G-9V7V vulnerabilities
Vulnerabilities for packages: k8ssandra-operator, gostatsd, mongodb-kubernetes-operator, secrets-store-csi-driver-provider-azure, gitness, helm-mapkubeapis, aws-privateca-issuer, oauth2-proxy, terraform-provider-time, nri-rabbitmq, otel-cli, cosign, custom-pod-autoscaler-operator,...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: k8ssandra-operator, gostatsd, mongodb-kubernetes-operator, secrets-store-csi-driver-provider-azure, gitness, helm-mapkubeapis, aws-privateca-issuer, oauth2-proxy, terraform-provider-time, go-jsonnet, nri-rabbitmq, otel-cli, cfssl, overmind, cosign,...
GHSA-GJVH-7JH8-7XHM vulnerabilities
Vulnerabilities for packages: k8ssandra-operator, gostatsd, mongodb-kubernetes-operator, secrets-store-csi-driver-provider-azure, gitness, helm-mapkubeapis, aws-privateca-issuer, oauth2-proxy, terraform-provider-time, nri-rabbitmq, otel-cli, cosign, custom-pod-autoscaler-operator,...
CVE-2026-27140 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure-managedidentity, custom-pod-autoscaler-fips, ingress-nginx-controller, crossplane-provider-aws-sqs-fips, rabbitmq-messaging-topology-operator, goose, git-lfs, pvc-autoresizer, newrelic-nri-statsd, gitaly, thanos-receive-controller-fips,...
Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: sqlite: lemon-3.52.0-1.1.hum1 aarch64, x8664 sqlite-3.52.0-1.1.hum1 aarch64, x8664 sqlite-analyzer-3.52.0-1.1.hum1 aarch64, x8664 sqlite-debug-3.52.0-1.1.hum1 aarch64, x8664...
Low: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: libtasn1: libtasn1-4.21.0-1.1.hum1 aarch64, x8664 libtasn1-devel-4.21.0-1.1.hum1 aarch64, x8664 libtasn1-tools-4.21.0-1.1.hum1 aarch64, x8664 libtasn1-4.21.0-1.1.hum1.src src...
PraisonAI Vulnerable to RCE via Automatic tools.py Import
PraisonAI automatically imports ./tools.py from the current working directory when launching certain components. This includes call.py, toolresolver.py, and CLI tool-loading paths. A malicious tools.py placed in the process working directory is executed immediately, allowing arbitrary Python code...
GHSA-G985-WJH9-QXXC PraisonAI Vulnerable to RCE via Automatic tools.py Import
PraisonAI automatically imports ./tools.py from the current working directory when launching certain components. This includes call.py, toolresolver.py, and CLI tool-loading paths. A malicious tools.py placed in the process working directory is executed immediately, allowing arbitrary Python code...
EUVD-2026-21508
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic tools.py Loading...
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...