1121 matches found
onnx Vulnerable to Path Traversal via Symlink
Summary A path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. Details The following check for symlink is ineffective and it is possible to point a symlink to an arbitrary location on the file system:...
WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Broken Link Checker versions = 2.4.7...
CVE-2026-33663
Summary: CVE-2026-33663 affects n8n Community Edition. Before versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the global:member role could exploit chained authorization flaws in the credential pipeline to steal plaintext secrets from generic HTTP credentials (httpBasicAuth, http...
AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols
AI agent protocols -- including MCP, A2A, ANP, and ACP -- enable autonomous agents to discover capabilities, delegate tasks, and compose services across trust boundaries. Despite massive deployment MCP alone has 97M+ monthly SDK downloads, no systematic security framework for these protocols...
CodeHacker: Automated Test Case Generation for Detecting Vulnerabilities in Competitive Programming Solutions
The evaluation of Large Language Models LLMs for code generation relies heavily on the quality and robustness of test cases. However, existing benchmarks often lack coverage for subtle corner cases, allowing incorrect solutions to pass. To bridge this gap, we propose CodeHacker, an automated agen...
CVE-2026-25931
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
Description of the security update for Microsoft Exchange Server 2019 CU15: February 10, 2026 (KB5074993)
None None...
CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
CVE-2026-25931
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
CVE-2026-25931
The vulnerability affects the vscode-spell-checker extension prior to version 4.5.4. It arises because DocumentSettings._determineIsTrusted uses the cSpell.trustedWorkspace setting as the authoritative trust flag, defaulting to true in package.json. This allows an untrusted workspace to cause the...
CVE-2026-25931 vscode-spell-checker has a workspace-trust bypass Code Execution
vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings.determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true package.json and is read from workspace...
Spelling Checker for Visual Studio Code 安全漏洞
Spelling Checker for Visual Studio Code is a simple source code spell checker developed by Street Side Software. Versions of Spelling Checker for Visual Studio Code prior to v4.5.4 contained a security vulnerability. This vulnerability stemmed from improper handling of trust flags, which could...
PT-2026-7180
Name of the Vulnerable Software and Affected Versions vscode-spell-checker versions prior to 4.5.4 Description The vscode-spell-checker extension is susceptible to a workspace-trust bypass that can lead to code execution. The DocumentSettings. determineIsTrusted function incorrectly relies on the...
Malicious code in web3-meme-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 62aebca1848d232cb70d5bacf954626ca7d0fd1d5680bb8ab45777aa9347f5ed Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...
MAL-2026-763 Malicious code in web3-meme-tool (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 62aebca1848d232cb70d5bacf954626ca7d0fd1d5680bb8ab45777aa9347f5ed Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...
MAL-2026-762 Malicious code in metadata-checker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 222755e960642163a0918eeb42baef3dedec6676e084a02742210fb83b7d99e5 Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...
Malicious code in metadata-checker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 222755e960642163a0918eeb42baef3dedec6676e084a02742210fb83b7d99e5 Disguised as metadata checker, packages are designed to exfiltrate hardcoded or given data to an obfuscated remote target --- Category: MALICIOUS - The campaig...
CVE-2026-25023
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a...
CVE-2026-25023
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a...