CVE-2026-3573 AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

Incorrect Authorization vulnerability in Drupal AI Artificial Intelligence allows Resource Injection.This issue affects AI Artificial Intelligence: from 0.0.0 before 1.1.11, from 1.2.0 before 1.2.12...

EUVD-2009-0371

Malware in sbrugna...

Drupal AI (Artificial Intelligence) module < 1.0.5 - Authenticated Remote Code Execution (RCE) vulnerability

Authenticated Remote Code Execution RCE vulnerability discovered by Drew Webber mcdruid in WordPress Module AI Artificial Intelligence versions 1.0.5...

Drupal AI (Artificial Intelligence) module < 1.0.5 - Authenticated Other Vulnerability Type vulnerability

Authenticated Other Vulnerability Type vulnerability discovered by Drew Webber mcdruid in WordPress Module AI Artificial Intelligence versions 1.0.5...

Drupal AI (Artificial Intelligence) module < 1.0.3 - Unauthenticated Multiple Vulnerabilities vulnerability

Unauthenticated Multiple Vulnerabilities vulnerability discovered by Mingsong in WordPress Module AI Artificial Intelligence versions 1.0.3...

AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003

The Drupal AI module provides a framework for easily integrating Artificial Intelligence on any Drupal site using any kind of AI from multiple vendors. The sub-modules AI Chatbot and AI Assistants API allow users to interact with the Drupal site via a 'chat' interface. The AI Chatbot module doesn...

Drupal AI (Artificial Intelligence) module < 1.0.2 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF vulnerability discovered by Marcus Johansson in WordPress Module AI Artificial Intelligence versions 1.0.2...

CVE-2024-5125

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting XSS and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

CVE-2024-5125

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting XSS and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

CVE-2024-5125

CVE-2024-5125 affects parisneo/lollms-webui version 9.6, where SVG processing during file upload enables two issues: Cross‑Site Scripting (XSS) and Open Redirect. The root cause is inadequate input validation and handling of SVG files in the upload flow, allowing embedded JavaScript execution and...

CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting XSS and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui

parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting XSS and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...

Purple Fox rootkit now bundled with Telegram installer

The Purple Fox rootkit is being spread as an installer for the popular Telegram instant messaging app for Windows, according to researchers. Its not clear how the installer in this case was distributed, although it seems like at least some were delivered via email. Common distribution methods for...

CVE-2009-0367

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module...

CVE-2009-0367

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module...

Code injection

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module...

CVE-2009-0367

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module...

CVE-2009-0367

The CVE-2009-0367 vulnerability affects Wesnoth’s Python AI module (Wesnoth 1.4.x and 1.5 before 1.5.11). A remote attacker can escape the sandbox and run arbitrary Python code by using a whitelisted module that imports an unsafe module, then accessing it via a hierarchical module name through th...

retina.vs.iis4-round2.txt

http://www.eeye.com/database/advisories/ad06081999/ad06081999.html Retina vs. IIS4, Round 2 Systems Affected: Internet Information Server 4.0 IIS4 Microsoft Windows NT 4.0 SP3 Option Pack 4 Microsoft Windows NT 4.0 SP4 Option Pack 4 Microsoft Windows NT 4.0 SP5 Option Pack 4 Release Date: June 8,...