1870506 matches found
Exploit for CVE-2026-13001
CVE-2026-13001 — Podlove Podcast Publisher Unauthenticated File...
TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development
Cybersecurity researchers have disclosed details of a previously unreported Internet-of-Things IoT botnet framework dubbed TuxBot v3 Evolution that shows signs of being developed with assistance from a large language model LLM, albeit with not so successful results. "While the AI complied with...
EUVD-2026-44752
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...
EUVD-2026-44709
Microsoft AVML before 0.17.0 could follow a symlink when opening a destination output path on Unix, allowing truncation/overwrite of the symlink target. The destructive effect is performed at open-time via OTRUNC, and can happen before full input validation completes “truncation-before-validation...
CVE-Hunter
CVE Hunter Pro A Chrome extension for fast, single-lookup CVE...
GHSA-RJG7-R26H-CFP2 Koel: Full-read SSRF via podcast enclosure URL: isPublicHost() filter_var guard does not reject NAT64 (64:ff9b::/96) or 6to4 (2002::/16) IPv6-transition wrappers of internal IPv4
Summary Koel's outbound-URL guard App\Helpers\Network::isPublicHost classifies an IP as "public" using PHP's filtervar$ip, FILTERVALIDATEIP, FILTERFLAGNOPRIVRANGE | FILTERFLAGNORESRANGE. That flag set does not recognise IPv6 transition-address forms that embed a private/loopback/link-local IPv4:...
Exploit for CVE-2026-14960
Privilege Escalation Vulnerabilities in Pegatron TdeIo64 Drive...
CVE-2026-58660
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...
CVE-2026-50562
FastGPT is a knowledge-based AI application platform. At commit 22ebfacbb43311e9b73294040ae0eb87390c6bba and earlier, artifacts built from untrusted pull request code in .github/workflows/preview-docs-build.yml and .github/workflows/preview-fastgpt-build.yml can be downloaded by privileged...
GHSA-6QVR-WJMV-V8MM Koel: Incomplete fix for CVE-2026-47260 — systemic SSRF in podcast & radio fetch paths
Summary The fix for CVE-2026-47260 v9.3.5 added an initial isSafeUrl check to several fetchers synchronizeEpisodes, getStreamableUrl, AddRadioStation, EpisodePlayable, but the redirect-target validation — the per-hop Guzzle onredirect callback added in follow-up commit be1e867 — was applied to on...
Malicious code in qwen-asr-pvt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68e8b2f6db0443a648cdf03348c8dd9351568469f84b8d61022f1ed1da2a330e The package's pyproject.toml declares an unpinned runtime dependency on transformers4576, a lookalike of the widely used HuggingFace transformers...
MAL-2026-10690 Malicious code in qwen-asr-pvt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68e8b2f6db0443a648cdf03348c8dd9351568469f84b8d61022f1ed1da2a330e The package's pyproject.toml declares an unpinned runtime dependency on transformers4576, a lookalike of the widely used HuggingFace transformers...
GHSA-RV48-QQJ5-CRXG Protobuf: Unbounded recursion depth in embedded-message decoding
Summary Unbounded recursion depth in Protobuf.Decoder Hex package protobuf, versions = 0.8.0, 0.16.1 lets an unauthenticated attacker crash any service that decodes untrusted protobuf messages whose schema contains a self-referential or cyclic message type. A small request body a few KB to a few ...
GHSA-3PVH-63GF-J9MW LangBot: Authenticated RCE Via MCP Configuration
Summary Any authenticated user can achieve arbitrary command execution on the LangBot servers through changing the MCP Server Configuration by added an "STDIO" MCP with an arbitrary command. Details The repository uses StdioServerParameters which is based on Anthropic's modelcontextprotocol open...
LangBot: Authenticated RCE Via MCP Configuration
Summary Any authenticated user can achieve arbitrary command execution on the LangBot servers through changing the MCP Server Configuration by added an "STDIO" MCP with an arbitrary command. Details The repository uses StdioServerParameters which is based on Anthropic's modelcontextprotocol open...
Koel has SSRF through Authenticated Subsonic podcast feed URLs
Summary Koel's Subsonic createPodcastChannel.view endpoint accepts a user supplied podcast feed URL and fetches it server-side before applying the safe URL checks that are used for podcast episode enclosure URLs. An authenticated Subsonic API user can provide a loopback or internal URL as the fee...
GHSA-8Q6Q-M837-FV64 Koel has SSRF through Authenticated Subsonic podcast feed URLs
Summary Koel's Subsonic createPodcastChannel.view endpoint accepts a user supplied podcast feed URL and fetches it server-side before applying the safe URL checks that are used for podcast episode enclosure URLs. An authenticated Subsonic API user can provide a loopback or internal URL as the fee...
CVE-2026-12382
A flaw was found in the AAP Gateway Envoy proxy configuration. The non-mTLS route to EDA event streams does not remove the Subject HTTP header from client requests, despite the source code defining requestHeadersToRemove for this header. An unauthenticated remote attacker can inject a spoofed...
OIBSIP_CyberSecurty_Task-9
SQL Injection — DVWA & SQLMap Task 5 of the Oasis InfoByte...
CVE-2026-58660 Kanboard BoardAjaxController Missing Ownership Check via Drag-and-Drop
Kanboard through 1.2.52, fixed in commit 564cc30, BoardAjaxController save method used by the kanban board drag-and-drop endpoint validates the caller's role on the attacker-supplied projectid but never verifies that the supplied taskid actually belongs to that project. Because task identifiers a...