7 matches found
PT-2026-38406
Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...
axonflow-sdk-typescript: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
PT-2026-30322
Name of the Vulnerable Software and Affected Versions @hapi/content versions through 6.0.0 Description @hapi/content is susceptible to Regular Expression Denial of Service ReDoS through crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition header...
CVE-2026-27812
Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...
PT-2024-7207 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based versions prior to 129.0.2792.52 Description: The issue is related to a use-after-free vulnerability in Microsoft Edge, which is based on Chromium. This vulnerability can be exploited by a remote attacker to execu...
PT-2024-3316 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS versions 8.10 through 10.5 Description: The issue is related to a buffer overflow vulnerability in the Utility daemon, which could lead to unauthenticated remote code execution by sending specially crafted packets to the PAPI UDP port...
CVE-2020-15275 malicious SVG attachment causing stored XSS vulnerability in MoinMoin
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...