
1433 matches found

CNNVD
added 2026/04/02 12:0 a.m., 2 views

Acronis True Image code issue vulnerability

Acronis True Image is a renowned data backup and restoration software developed by the Swiss company Acronis. This software can be used to create drive and disk images, and to restore those images when a clean system is required. Previous versions of Acronis True Image, such as version 42902, had...

6.7 CVSS, 6.7 AI score, 0.00016 EPSS
Exploits 0, References 1
Veracode
added 2026/03/31 11:2 a.m., 2 views

Arbitrary Code Execution.

@anthropic-ai/claude-code is vulnerable to Arbitrary code execution. The vulnerability is due to improper parsing of shell commands involving $IFS and short CLI flags, which allows an attacker to bypass read-only validation and execute arbitrary code by injecting untrusted content into the contex...

9.8 CVSS, 6.2 AI score, 0.00039 EPSS
Exploits 0, References 1, Affected Software 1
Packet Storm News
added 2026/03/31 12:0 a.m., 0 views

When Labels Are Scarce: A Systematic Mapping of Label-Efficient Code Vulnerability Detection

Machine-learning-based code vulnerability detection (CVD) has progressed rapidly, from deep program representations to pretrained code models and LLM-centered pipelines. Yet dependable vulnerability labeling remains expensive, noisy, and uneven across projects, languages, and CWE types, motivating...

6 AI score
Exploits 0
Packet Storm News
added 2026/03/30 12:0 a.m., 1 views

VulnScout-C: A Lightweight Transformer for C Code Vulnerability Detection

Vulnerability detection in C programs is a critical challenge in software security. Although large language models (LLMs) achieve strong detection performance, their multi-billion-parameter scale makes them impractical for integration into development workflows requiring low latency and continuous...

6 AI score
Exploits 0
CNNVD
added 2026/03/27 12:0 a.m., 2 views

LibreChat code issue vulnerability

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Prior to LibreChat 0.8.3, there were code vulnerabilities. These vulnerabilities stemmed from the isPrivate...

8.5 CVSS, 5.9 AI score, 0.00044 EPSS
Exploits 1, References 2
NVD
added 2026/03/26 5:16 a.m., 2 views

CVE-2026-33201

Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be read or written, or arbitrary files may be executed with root privileges...

7 CVSS, 0.00031 EPSS
Exploits 0, References 2
CVE
added 2026/03/26 4:18 a.m., 5 views

CVE-2026-33201

The Digital Photo Frame GH-WDF10A from GREEN HOUSE CO., LTD. contains an active debug code vulnerability. Exploitation can read/write files or configurations on the device, or arbitrarily execute files with root privileges. CVSS data from the connected CVE entry indicates high impact on confident...

7 CVSS, 6 AI score, 0.00031 EPSS
Exploits 0, References 2
CNNVD
added 2026/03/26 12:0 a.m., 4 views

Kalcaddle Kodbox code issue vulnerability

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. Version 1.64 of kalcaddle Kodbox contains a code vulnerability. This vulnerability arises from an operation on the Add function in the file...

6.3 CVSS, 6.4 AI score, 0.00057 EPSS
Exploits 0, References 4
CNNVD
added 2026/03/25 12:0 a.m., 3 views

OpenEMR code issue vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained code...

7.7 CVSS, 6 AI score, 0.0007 EPSS
Exploits 1, References 4
CNVD
added 2026/03/24 12:0 a.m., 1 views

OpenClaw code issue vulnerability (CNVD-2026-14844)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability caused by a path validation bypass flaw in the exec approval distribution list pattern on macOS. An attacker can exploit the vulnerability to execute arbitrary commands on th...

7.8 CVSS, 6.2 AI score, 0.00017 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/24 12:0 a.m., 3 views

Mozilla multiple products code issue vulnerability

Mozilla Firefox is an open source web browser. Mozilla Firefox ESR is an extended support version of Firefox the web browser. Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code issue vulnerability exists in several Mozilla products that can b...

9.6 CVSS, 7.3 AI score, 0.0003 EPSS
Exploits 0, References 6
ATTACKERKB
added 2026/03/22 1:38 p.m., 2 views

CVE-2019-25603

TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address...

8.6 CVSS, 6.8 AI score, 0.00007 EPSS
Exploits 0, References 4, Affected Software 1
CNNVD
added 2026/03/22 12:0 a.m., 2 views

Notepad2 code issue vulnerability

Notepad2 is a text editor developed by Florian Balmer. Version 4.2.25 of Notepad2 has a code vulnerability caused by an unknown function in the PROPSYS.dll library, which may lead to uncontrolled search paths...

7.3 CVSS, 7.1 AI score, 0.00023 EPSS
Exploits 0, References 4
CNNVD
added 2026/03/19 12:0 a.m., 3 views

Microsoft Purview code issue vulnerability

Microsoft Purview is a data security and management software developed by the American company Microsoft. There is a code vulnerability in Microsoft Purview, which stems from server-side request forgery. This vulnerability could allow unauthorized attackers to gain elevated privileges through the...

10 CVSS, 5.9 AI score, 0.00104 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/19 12:0 a.m., 2 views

WordPress plugin WishList Member X code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

8.8 CVSS, 5.9 AI score, 0.00071 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/19 12:0 a.m., 2 views

WordPress plugin Mobile App Editor code issue vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

9.1 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits 0, References 1
CNNVD
added 2026/03/19 12:0 a.m., 3 views

OpenClaw code issue vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability that can be exploited by an attacker to bypass the allow list check and execute a trojan binary...

7.8 CVSS, 5.9 AI score, 0.00017 EPSS
Exploits 0, References 3
CNNVD
added 2026/03/18 12:0 a.m., 2 views

OmniGen2 code issue vulnerability

OmniGen2 is a model for command-driven image editing, open-sourced by VectorSpaceLab. OmniGen2 has a code vulnerability that stems from insecure pickle deserialization in the reward server component, which may lead to remote code execution...

9.8 CVSS, 6.1 AI score, 0.00125 EPSS
Exploits 0, References 7
Qualys Blog
added 2026/03/17 3:0 p.m., 6 views

The New Era of Application Security: Reasoning-Based Agents, Runtime Reality, and Risk Intelligence

Key Takeaways: AI reasoning systems improve vulnerability detection in source code, but do not address the full spectrum of application security risk. Modern application security must account for APIs, runtime environments, and externally exposed assets beyond the source repository. Continuous...

6.2 AI score
Exploits 0
CNNVD
added 2026/03/17 12:0 a.m., 3 views

Spinnaker code issue vulnerability

Spinnaker is an open-source continuous delivery platform developed by Spinnaker. It is used to release software changes with high speed and confidence. Spinnaker has a code vulnerability that stems from improper handling of underscores when Java URL objects are parsed, which may lead to bypassing...

9.1 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits 0, References 3