310 matches found
PT-2026-60834
Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description Improper authentication and access control in the user registration and account provisioning logic allow unauthenticated attackers to create unlimited user accounts. This occurs when...
CVE-2026-25779
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirectto values...
PYSEC-2026-375 LangChain Experimental vulnerable to arbitrary code execution
langchainexperimental aka LangChain Experimental before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the import, subclasses, builtins, globals, getattribute, bases, mro, or base attribute in Python code. These are not...
GO-2026-5523 Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks in github.com/basekick-labs/arc
Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks in github.com/basekick-labs/arc...
MAL-2026-5594 Malicious code in 0x2ai-demo7x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7e956073a7db6057e4d42af462dba0299152ca992c113d74c715e90574d0efb On npm install, scripts/postinstall.cjs copies the package's payload/ tree into the installer's project root process.env.INITCWD, placing...
EUVD-2026-34165
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...
Securly Chrome Extension 安全漏洞
Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability stems from dynamic registration of content scripts, which...
CVE-2026-0097
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-8327
Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...
PickleFuzzer: A Case Study in Fuzzing for Discrepancies between Python Pickle Implementations
Python's native serialization protocol, pickle, is a powerful but insecure format for transferring untrusted data. It is frequently used, especially for saving machine learning models, despite known security challenges. While developers sometimes mitigate this risk by restricting imports during...
PT-2026-40771
Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...
PT-2026-39754
Name of the Vulnerable Software and Affected Versions Next.js versions 15.2.0 through 15.5.17 Next.js versions 16.0.0 through 16.2.5 Description A flaw exists where a previous security fix was not correctly applied to middleware.ts when used in conjunction with Turbopack, a high-performance...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.14 contained security vulnerabilities. These vulnerabilities stemmed from editing bypasses, allowing authenticated gateway clients to receive unedited secrets through alias fiel...
The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)
When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it...
xss
CSS Style Sheet Mutation alert"This is a test" alert"...
GHSA-4P64-V8F5-R2GX Multiple security fixes in justhtml
Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...
EUVD-2019-20126
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field t...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.25 contained security vulnerabilities. These vulnerabilities were caused by authorization bypasses in calls made through Microsoft Teams, which could allow unauthorized senders ...
Node.js Adapter for Hono 路径遍历漏洞
The Node.js Adapter for Hono is an open-source tool developed by Hono, designed to run Hono applications on Node.js. Versions of the Node.js Adapter for Hono prior to 1.19.13 contained a path traversal vulnerability. This vulnerability stemmed from inconsistent path handling, allowing access to...
ChurchCRM 安全漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses in the API middleware, allowing unverified attackers to access all protected API endpoints...