PT-2026-36956

Name of the Vulnerable Software and Affected Versions Simple Owl Shortcodes versions prior to 2.1.2 Description The Simple Owl Shortcodes plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping of user-supplied...

Malicious code in rogiant-quick-install (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 efdebb03bb05b0da602f813ad321bbc81c658ac1bec059a5a7fa73fed277a53b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

jdbc-wrapper-poc

AWS Advanced JDBC Wrapper - Deserialization RCE via Cache Pois...

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

GHSA-9F6M-65V9-X9G2 MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

MindsDB 访问控制错误漏洞

MindsDB is a joint query engine developed by MindsDB Corporation, designed specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained a access control vulnerability. This vulnerability stemmed fro...

Astra Linux - уязвимость в linux-5.15

In efirtasmwrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Add a wrapper around the mlx5etxreporterdumpsq function to extract the SQ value from the struct mlx5etxtimeoutctx structure. In the TX-timeout-recovery flow, the argument passed to this function is actually of type...

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

EUVD-2026-26852

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711

Summary: CVE-2026-7711 affects MindsDB Engine up to 26.01, specifically the function exec in mindsdb/integrations/handlers/byom_handler/proc_wrapper.py. The underlying issue enables remote manipulation via the exec path that could allow unrestricted upload. Public exploit code is noted, and the a...

CVE-2026-7711 MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

CVE-2026-7711 MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

PT-2026-36728

Name of the Vulnerable Software and Affected Versions MindsDB versions prior to 26.01 Description A weakness in the Engine Handler component allows for unrestricted file upload. This issue occurs within the exec function located in the mindsdb/integrations/handlers/byom handler/proc wrapper.py fi...

Cross-site Scripting (XSS)

Overview com.shopizer:shopizer is an open source e-commerce software. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getInputStream or getReader functions in the XssHttpServletRequestWrapper class. An attacker can inject and execute arbitrary web scripts or...

Cross-site Scripting (XSS)

Overview org.jenkins-ci.plugins:htmlpublisher is a plugin for Jenkins that publishes HTML reports. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the wrapper generation logic in HtmlPublisher. An attacker can inject arbitrary HTML attributes or markup by supplyin...

Malicious code in robase-dnb (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 24da23c2c626baf8f3c35e8c5000506cdadb4d8129d0e4350b262a0e3922d8c7 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

PT-2026-36156

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...