Lucene search
K

1121 matches found

Github Security Blog
Github Security Blog
added 2026/03/31 10:34 p.m.11 views

onnx Vulnerable to Path Traversal via Symlink

Summary A path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. Details The following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system:...

8.7CVSS6AI score0.00593EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2026/03/26 8:20 a.m.6 views

WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Broken Link Checker versions = 2.4.7...

7.6CVSS6AI score0.00279EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/03/25 5:11 p.m.19 views

CVE-2026-33663

Summary: CVE-2026-33663 affects n8n Community Edition. Before versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in the credential pipeline to steal plaintext secrets from generic HTTP credentials (httpBasicAuth, http...

8.5CVSS6AI score0.00392EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/24 12:0 a.m.25 views

AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols

AI agent protocols -- including MCP, A2A, ANP, and ACP -- enable autonomous agents to discover capabilities, delegate tasks, and compose services across trust boundaries. Despite massive deployment MCP alone has 97M+ monthly SDK downloads, no systematic security framework for these protocols...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.8 views

CodeHacker: Automated Test Case Generation for Detecting Vulnerabilities in Competitive Programming Solutions

The evaluation of Large Language Models LLMs for code generation relies heavily on the quality and robustness of test cases. However, existing benchmarks often lack coverage for subtle corner cases, allowing incorrect solutions to pass. To bridge this gap, we propose CodeHacker, an automated agen...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/11 1:33 a.m.6 views

CVE-2026-25931

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2026/02/10 4:0 p.m.85 views

Description of the security update for Microsoft Exchange Server 2019 CU15: February 10, 2026 (KB5074993)

None None...

6.5CVSS6.4AI score0.0768EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/09 10:10 p.m.11 views

CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/09 10:10 p.m.28 views

CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

7.8CVSS0.00126EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/09 10:10 p.m.3 views

CVE-2026-25931

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/09 10:10 p.m.38 views

CVE-2026-25931

The vulnerability affects the vscode-spell-checker extension prior to version 4.5.4. It arises because DocumentSettings._determineIsTrusted uses the cSpell.trustedWorkspace setting as the authoritative trust flag, defaulting to true in package.json. This allows an untrusted workspace to cause the...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References4
OSV
OSV
added 2026/02/09 10:10 p.m.6 views

CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution

vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.8 views

Spelling Checker for Visual Studio Code 安全漏洞

Spelling Checker for Visual Studio Code is a simple source code spell checker developed by Street Side Software. Versions of Spelling Checker for Visual Studio Code prior to v4.5.4 contained a security vulnerability. This vulnerability stemmed from improper handling of trust flags, which could...

7.8CVSS6AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.20 views

PT-2026-7180

Name of the Vulnerable Software and Affected Versions vscode-spell-checker versions prior to 4.5.4 Description The vscode-spell-checker extension is susceptible to a workspace-trust bypass that can lead to code execution. The DocumentSettings. determineIsTrusted function incorrectly relies on the...

7.8CVSS6.2AI score0.00126EPSS
Exploits0References12
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/05 2:33 p.m.7 views

Malicious code in web3-meme-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62aebca1848d232cb70d5bacf954626ca7d0fd1d5680bb8ab45777aa9347f5ed Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/02/05 2:33 p.m.6 views

MAL-2026-763 Malicious code in web3-meme-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62aebca1848d232cb70d5bacf954626ca7d0fd1d5680bb8ab45777aa9347f5ed Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/02/05 2:30 p.m.5 views

MAL-2026-762 Malicious code in metadata-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 222755e960642163a0918eeb42baef3dedec6676e084a02742210fb83b7d99e5 Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/05 2:30 p.m.9 views

Malicious code in metadata-checker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 222755e960642163a0918eeb42baef3dedec6676e084a02742210fb83b7d99e5 Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...

5.5AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.6 views

CVE-2026-25023

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a...

5.3CVSS5.4AI score0.00192EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 3:16 p.m.20 views

CVE-2026-25023

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a...

5.3CVSS0.00192EPSS
Exploits0References1
Rows per page
Query Builder