22177 matches found
AutoGPT 代码注入漏洞
AutoGPT is an open-source tool developed by AutoGPT. It aims to make AI accessible and usable for everyone. In versions 0.6.34 to 0.6.51 of AutoGPT, there was a code injection vulnerability. This vulnerability stemmed from the use of pickle.loads to deserialize Redis cache data without proper...
CVE-2026-47091
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcriptpath value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a...
CVE-2026-44457
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, Cache Middleware does not skip caching for responses that declare per-user variance via Vary: Authorization or Vary: Cookie. As a result, a response cached for one authenticated user may be...
EUVD-2026-30800
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcriptpath value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a...
CVE-2026-47091
Claude HUD up to version 0.0.12 is affected by a path traversal flaw exposed by an unvalidated transcript_path in stdin JSON. The vulnerability lets an attacker read arbitrary files readable by the process, and the accessed file metadata is written to a persistent cache file with insufficient per...
CVE-2026-47091 Claude HUD 0.0.12 Path Traversal via transcript_path
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcriptpath value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a...
CVE-2026-47091
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcriptpath value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a...
Updated perl-WWW-Mechanize-Cached, perl-File-XDG & perl-Path-Tiny packages fix security vulnerabilities
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution...
MGASA-2026-0149 Updated perl-WWW-Mechanize-Cached, perl-File-XDG & perl-Path-Tiny packages fix security vulnerabilities
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution...
CLSA-2026-1779119053 Fix of 8 CVEs
SECURITY UPDATE: modproxyajp heap buffer over-read in ajpmsggetstring - debian/patches/CVE-2026-34032.patch: add buffer checks in modules/proxy/ajpmsg.c. - CVE-2026-34032 SECURITY UPDATE: AJP getter functions off-by-one out-of-bounds reads - debian/patches/CVE-2026-33857.patch: fix length checks ...
Exploit for Embedded Malicious Code in Tanstack Tanstack\/Arktype-Adapter
TanStack Supply Chain Compromise - IOC Checker bash curl -...
kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...
SUSE-SU-2026:1959-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache bsc1264013. - CVE-2026-46300: net: skbuff: propagate shared-frag marker...
Security update for xen
This update for xen fixes the following issue CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
SUSE-SU-2026:1933-1 Security update for xen
This update for xen fixes the following issue - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066...
CVE-2026-3220
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.2 Vulnerability Details CVEID:CVE-2026-24398 DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP...
CVE-2026-3220
CVE-2026-3220 affects three WordPress plugins: Autoptimize (before 3.1.15), Clearfy Cache (before 2.4.2), and Speed Optimizer (before 7.7.9). The issue is unauthenticated Stored XSS caused by a predictable replacement hash used during HTML minification and an abused regular expression, allowing a...
CVE-2026-3220 Multiple Plugins - Unauthenticated Stored XSS via Minify Library
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...
CVE-2026-3220
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting XSS due to a predictable replacement hash used during the HTML minification process and abusing ...