192400 matches found
The Attack and Defense Landscape of Agentic AI: A Comprehensive Survey
AI agents that combine large language models with non-AI system components are rapidly emerging in real-world applications, offering unprecedented automation and flexibility. However, this unprecedented flexibility introduces complex security challenges fundamentally different from those in...
PT-2026-24824
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
D-SLAMSpoof: An Environment-Agnostic LiDAR Spoofing Attack Using Dynamic Point Cloud Injection
In this work, we introduce Dynamic SLAMSpoof D-SLAMSpoof, a novel attack that compromises LiDAR SLAM even in feature-rich environments. The attack leverages LiDAR spoofing, which injects spurious measurements into LiDAR scans through external laser interference. By designing both spatial injectio...
ROS-20260311-73-0004
Vulnerability in mongodb-org related to a flaw in the use of assert. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
PT-2026-24668
🚨 CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly...
CVE-2025-67298
An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile...
PT-2026-24795
Shopware is an open commerce platform. Prior to 6.6.10.15 and 6.7.8.1, a vulnerability in the Shopware app registration flow that could, under specific conditions, allow attackers to take over the communication channel between a shop and an app. The legacy app registration flow used HMAC‑based...
Linux Distros Unpatched Vulnerability : CVE-2026-26127
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26127 Note that Nessus relies on the presence of the package...
PT-2026-24808
xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...
CVE-2025-67037
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges...
Parse Server SQL注入漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.2 and 8.6.28 have a SQL injection vulnerability. This vulnerability arises when attackers combine dot notation field...
PT-2026-24680
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled...
CVE-2026-30741
OpenClaw Agent Platform up to v2026.2.6 is affected by a remote code execution (RCE) via a Request-Side prompt injection attack. The root cause is a lack of integrity validation for upstream API requests, which can cause high‑severity command execution in downstream components (e.g., MCP tools) w...
VulnCheck KEV: CVE-2025-62593
Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense us...
PT-2026-24809
Name of the Vulnerable Software and Affected Versions Himmelblau versions prior to 3.1.0 Himmelblau versions prior to 2.3.8 Description Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. The himmelblaud-tasks daemon, running as root, writes Kerberos cache files under...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the FileTypeParser class. This is triggered when the ASF WMV/WMA parser receives input including an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload. Remediation Upgrade...
Symlink Attack
Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack via tar.x extraction, which allows an attacker to overwrite arbitrary files outside the intended extraction directory with a drive-relative symlink target - like...
Symlink Attack
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Symlink Attack via tar.x extraction, which allows an attacker to overwrite arbitrary files outside the intended extraction directory with a drive-relative symlink target - like...
CVE-2025-22850
Time-of-check time-of-use race condition in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
CVE-2025-22444
CVE-2025-22444 affects the UEFI PdaSmm module on certain Intel reference platforms. The flaw is described as Exposure of resource to wrong sphere, enabling information disclosure. A system software adversary with privileged user access and a high-complexity, local attack could potentially cause d...