5 matches found
Bandit Security Vulnerability
Bandit is a high-performance HTTP and WebSocket server from the individual developer Mat Trudel. A security vulnerability exists in Bandit versions 0.5.9 through 1.11.0 and earlier, which stems from an unrestricted resource allocation when WebSocket permessage-deflate compression is enabled, whic...
CVE-2025-67511
Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials() function, which is available to AI agents. Only password and command...
Cybersecurity AI Command Injection Vulnerability
Cybersecurity AI is an open-source AI security framework from Alias Robotics. A command injection vulnerability exists in Cybersecurity AI version 0.5.9 and earlier, which stems from a command injection in the run_ssh_command_with_credentials() function that could lead to the execution of...
CVE-2025-67511
CVE-2025-67511 affects Cybersecurity AI (CAI). Versions ≤ 0.5.9 are vulnerable to Command Injection via the run_ssh_command_with_credentials() function exposed to AI agents. Only password and command inputs are escaped to mitigate shell injection; username, host, and port values remain injectable...
@activix/summernote-image-attributes (=1.0.0), @beratkara/summernote-words-length (=1.0.0) +132 more potentially affected by CVE-2024-37629 via summernote (>=0.5.9 <=0.8.20)
summernote NPM version =0.5.9, =0.0.3, =0.0.1, =1.0.2, =1.0.0, =2.1.4140, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.12, =2.0.0 and more Source cves: CVE-2024-37629 Source advisory: OSV:GHSA-CC55-MVQC-G9MG...