Lucene search
+L

130 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/06 2:26 p.m.4 views

CVE-2026-59152

LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...

5CVSS6AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 6:17 p.m.5 views

GHSA-CVW6-GFVV-953Q Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook

Summary The Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace equalled the function's own namespace but performed no equivalent check on spec.environment.namespace. Details An attacker with permission to create Functions...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 6:17 p.m.8 views

CVE-2026-48725

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS0.00213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:22 p.m.14 views

CVE-2026-48725

Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...

8.1CVSS5.9AI score0.00213EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 5:16 p.m.18 views

CVE-2026-12957

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...

8.5CVSS0.00118EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 4:3 p.m.3 views

CVE-2026-12958 Arbitrary file write in Language Servers for AWS

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...

8.5CVSS6AI score0.00142EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:2 p.m.6 views

CVE-2026-12957

Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...

8.5CVSS6.1AI score0.00118EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 5:25 p.m.6 views

GHSA-R253-R9JW-QG44 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args

Summary The Docker API server accepted a request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command --utility-cmd-prefix, --renderer-cmd-prefix, --gpu-launcher,...

10CVSS6.5AI score0.00523EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 7:59 p.m.61 views

DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULTALLOWEDTAGS / DEFAULTALLOWEDATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...

5.6AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 7:59 p.m.10 views

Trust Boundary Violation

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Trust Boundary Violation through the mutation of data.allowedTags or data.allowedAttributes in hooks, which directly alters the global default sets used for...

6.1CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 7:56 p.m.9 views

Trust Boundary Violation

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Trust Boundary Violation in the sanitize function when handling DOM nodes from a different same-origin realm due to improper realm-bound instanceof checks. ...

6.1CVSS6.2AI score0.00288EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:0 p.m.10 views

CVE-2026-33828

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.17 views

EUVD-2026-35657

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.0031EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-33828

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...

7.8CVSS0.0031EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:4 p.m.146 views

CVE-2026-33828

CVE-2026-33828 affects Windows Device Health Attestation (DHA). The vulnerability is a trust boundary violation in Windows Attestation that allows an authorized local attacker to elevate privileges. CVSS v3.1 base metrics indicate high impact to confidentiality, integrity, and availability with l...

7.8CVSS5.4AI score0.0031EPSS
Exploits0References1Affected Software12
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47864

Name of the Vulnerable Software and Affected Versions Windows Attestation affected versions not specified Description A trust boundary violation in Device Health Attestation allows an authorized attacker to elevate privileges locally to SYSTEM level. A trust boundary violation occurs when a progr...

7.8CVSS5.2AI score0.0031EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.22 views

Microsoft Windows Attestation 输入验证错误漏洞

Microsoft Windows Attestation is an open-source device certification service based on TPM hardware trust roots, developed by Microsoft in the United States. Microsoft Windows Attestation has a security vulnerability that stems from a violation of trust boundaries, which may allow authorized...

7.8CVSS5.8AI score0.0031EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

4.8CVSS5.5AI score0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.14 views

CVE-2026-44661

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...

4.7CVSS5.5AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 10:17 p.m.14 views

CVE-2026-45366

typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...

4.7CVSS0.00122EPSS
Exploits0References1
Rows per page
Query Builder