130 matches found
CVE-2026-59152
LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.8.18, an attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to...
GHSA-CVW6-GFVV-953Q Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook
Summary The Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace equalled the function's own namespace but performed no equivalent check on spec.environment.namespace. Details An attacker with permission to create Functions...
CVE-2026-48725
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...
CVE-2026-48725
Warp is an agentic development environment. From 0.2021.04.25.23.05.stable00 until 0.2026.05.06.15.42.stable01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program, or other attacker-controlled terminal output source can trigger...
CVE-2026-12957
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...
CVE-2026-12958 Arbitrary file write in Language Servers for AWS
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...
CVE-2026-12957
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...
GHSA-R253-R9JW-QG44 Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
Summary The Docker API server accepted a request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command --utility-cmd-prefix, --renderer-cmd-prefix, --gpu-launcher,...
DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`
Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULTALLOWEDTAGS / DEFAULTALLOWEDATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...
Trust Boundary Violation
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Trust Boundary Violation through the mutation of data.allowedTags or data.allowedAttributes in hooks, which directly alters the global default sets used for...
Trust Boundary Violation
Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Trust Boundary Violation in the sanitize function when handling DOM nodes from a different same-origin realm due to improper realm-bound instanceof checks. ...
CVE-2026-33828
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
EUVD-2026-35657
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
CVE-2026-33828
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
CVE-2026-33828
CVE-2026-33828 affects Windows Device Health Attestation (DHA). The vulnerability is a trust boundary violation in Windows Attestation that allows an authorized local attacker to elevate privileges. CVSS v3.1 base metrics indicate high impact to confidentiality, integrity, and availability with l...
PT-2026-47864
Name of the Vulnerable Software and Affected Versions Windows Attestation affected versions not specified Description A trust boundary violation in Device Health Attestation allows an authorized attacker to elevate privileges locally to SYSTEM level. A trust boundary violation occurs when a progr...
Microsoft Windows Attestation 输入验证错误漏洞
Microsoft Windows Attestation is an open-source device certification service based on TPM hardware trust roots, developed by Microsoft in the United States. Microsoft Windows Attestation has a security vulnerability that stems from a violation of trust boundaries, which may allow authorized...
CVE-2026-7439
AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...
CVE-2026-44661
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS /...
CVE-2026-45366
typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registerManual validates the discovery URL against an HTT...