Cesanta Mongoose Security Vulnerability
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WebSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...
Vanna Access Control Error Vulnerability
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained an access control vulnerability. This vulnerability stemmed from the absence of authentication in the Chat API Endpoint component, which could lead to remote attacks...
Vanna Security Vulnerability
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained security vulnerabilities. These vulnerabilities were caused by overly lax cross-domain policies implemented in the FastAPI/Flask Server component, which could lead to remote attacks...
stb Buffer Error Vulnerability
STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.22 contained a buffer error vulnerability. This vulnerability stemmed from an out-of-bounds write operation in the startdecoder function found in the file stbvorbis.c, which could lead to remote...
A11y MCP Server Code Issue Vulnerability
A11y MCP Server is a web accessibility testing tool developed by Priyankar Kumar as an individual project. Versions of A11y MCP Server 1.0.5 and earlier contained code vulnerabilities. These vulnerabilities stemmed from a server-side request forgery vulnerability in the A11yServer function locat...
Cesanta Mongoose Security Vulnerability
Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WebSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...
JLSEC-2026-20
Hyperium Hyper before 0.14.19 does not allow for customization of the maxheaderlistsize method in the H2 third-party software, allowing attackers to perform HTTP2 attacks...
CVE-2026-0522 Local File Inclusion in the File Upload/Download Process
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker-controlled pat...
Iperius Backup Security Vulnerability
Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.2 and earlier contained a security vulnerability. This vulnerability stemmed from the use of a hardcoded encryption key in the IperiusAccounts.ini file, which could lead to local attacks...
Enhancing REST API Fuzzing with Access Policy Violation Checks and Injection Attacks
Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes, e.g., a 500 HTTP server error status code. However, security vulnerabilities can have drastic consequences...
Automated Framework to Evaluate and Harden LLM System Instructions against Encoding Attacks
System Instructions in Large Language Models (LLMs) are commonly used to enforce safety policies, define agent behavior, and protect sensitive operational context in agentic AI applications. These instructions may contain sensitive information such as API credentials, internal policies, and...
VertiGIS FM Security Vulnerability
VertiGIS FM is a facility and asset management platform from VertiGIS Corporation. Version 10.5.00119 of VertiGIS FM contains a security vulnerability. This vulnerability stems from the inclusion of local files during the upload/download process. It could allow authenticated attackers to read any...
stb Buffer Error Vulnerability
STB is a publicly available library for C/C++ developed by Sean Barrett. Versions of STB prior to 1.26 contained a buffer error vulnerability. This vulnerability stemmed from an out-of-bounds read in the stbtruetype.h library within the TTF File Handler component, which could lead to remote attac...
PT-2026-29236
OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling...
Mozilla Firefox and Mozilla Thunderbird Spoofing Vulnerability (CNVD-2026-16379)
Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports the IMAP and POP mail protocols and the HTML mail format. Mozilla Firefox and Mozilla Thunderbird have a spoofing vulnerability that can be...
Unspecified Vulnerability in HCL Aftermarket DPC (CNVD-2026-15830)
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform from HCL India. HCL Aftermarket DPC suffers from a security vulnerability that can be exploited by an attacker to obtain system software and version details in order to carry out software-specific attacks...
5G Puppeteer: Chaining Hidden Command and Control Channels in 5G Core Networks
Mobile networks are essential for modern societies. The most recent generation of mobile networks will be even more ubiquitous than previous ones. Therefore, the security of these networks as part of the critical infrastructure with essential communication services is of the uttermost importance...
FreeScout Security Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.211 contained security vulnerabilities, which were due to unvalidated Host header operations, potentially leading to external...
Unspecified Vulnerability in HCL Aftermarket DPC
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform from HCL India. HCL Aftermarket DPC has a security vulnerability that can be exploited by an attacker to read sensitive files on the system and use them for further attacks...
Claude SDK for Python Security Vulnerability
Claude SDK for Python is an open-source Python software development toolkit developed by Anthropic for calling the Claude API. Versions of Claude SDK for Python prior to 0.87.0 contained a security vulnerability. This vulnerability stemmed from the asynchronous local file system's memory tools...