10 matches found
CVE-2026-14611
DeepMyst Mysti (up to 0.4.0) is affected by a vulnerability in MemoryManager.ts initProjectMemory where manipulating workspacePath can cause resource exposure. The issue is exploitable remotely and is fixed by upgrading to version 0.4.0; the patch is identified as 6d709229b5199f6769fb3cf763e5122d...
EUVD-2026-41610
A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the factoryClassLocation function. An attacker can achieve arbitrary code execution by provoking the application to read a maliciously...
GHSA-M2CM-222F-QW44 mchange-commons-java: Remote Code Execution via JNDI Reference Resolution
Impact mchange-commons-java includes code that mirrors early implementations of JNDI functionality, including support for remote factoryClassLocation values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously...
Coder AgentAPI exposed user chat history via a DNS rebinding attack
Summary AgentAPI prior to version 0.4.0 was susceptible to a client-side DNS rebinding attack when hosted over plain HTTP on localhost. Impact An attacker could have gained access to the /messages endpoint served by the Agent API. This allowed for the unauthorized exfiltration of sensitive user...
Linux Distros Unpatched Vulnerability : CVE-2024-52595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly hand...
SQL Injection
Overview llama-index-retrievers-duckdb-retriever is a llama-index retrievers duckdb-retriever integration. Affected versions of this package are vulnerable to SQL Injection in the retrieve function, which sends an unparameterized SQL query based on user input for the values of "search using string...
SUSE CVE-2024-52595
lxml_html_clean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
PT-2024-35391 · Unknown +1 · Lxml Html Clean +1
Name of the Vulnerable Software and Affected Versions: lxml html clean versions prior to 0.4.0 Description: The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , , and . This behavior deviates from how web browsers parse and interpret such tags...
Cross-site Request Forgery (CSRF)
Overview fieldtest is an A/B testing library for Rails. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) with non-session based authentication methods. Remediation Upgrade fieldtest to version 0.4.0 or higher. References - GitHub Issue...