3232 matches found
CVE-2026-56012
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...
WordPress Media LIbrary Assistant plugin <= 3.35 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Media LIbrary Assistant versions = 3.35...
CVE-2026-54317
creationtimestamp| type| source ---|---|--- 2026-06-18 09:17:38+00:00| published-proof-of-concept| https://github.com/home-assistant/core/security/advisories/GHSA-x84v-g949-293w 2026-06-24 12:13:59+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mozvbqteme22...
CVE-2026-54198
Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...
EUVD-2026-37055
Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...
CVE-2026-54198 WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Media LIbrary Assistant = 3.35 versions...
CVE-2026-54198
CVE-2026-54198 affects the WordPress Media Library Assistant plugin up to version 3.35. The vulnerability is an unauthenticated cross-site scripting (XSS) in the plugin (reflected XSS per CVE record) with a CVSS 3.1 base score of 7.1 (HIGH). Attack vector: Network; privileges required: NONE; user...
Malicious code in sp-api-dev-assistant-mcp-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18b5b59005300a7a8612a3bf36d3707df573ac722e94e52a3854844345d63745 Package contains only package.json and README.md, with the README explicitly stating it is a proof-of-concept squatting an unclaimed npm name that wa...
Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.
There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...
A tale of two eras
Welcome to this week's edition of the Threat Source newsletter. To the surprise of absolutely no one who has seen my face, I'm one of the younger employees at Talos. As my industry veteran colleagues were buying the first iPods, navigating the switch from dial-up to broadband, saying goodbye to...
CVE-2026-45487
Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...
rspwner
RSPWNER RSPWNER is a Rust-based AI-assisted CTF pwn assistant...
CVE-2026-36728
A markdown based cross-site scripting XSS vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message...
CVE-2026-46475
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2...
CVE-2026-46441
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...
EUVD-2026-35673
Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...
CVE-2026-45487
Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...
CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability
...
CVE-2026-45487
CVE-2026-45487 is a Windows vulnerability in the Program Compatibility Assistant Service where a TOCTOU race condition enables a local, authorized user to elevate privileges. Affected component: Program Compatibility Assistant Service on Windows. Root cause: TOCTOU race condition allowing privile...
CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability
...