229 matches found
Symfony: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes
Description Symfony\Component\HtmlSanitizer\Visitor\AttributeSanitizer\UrlAttributeSanitizer::getSupportedAttributes enumerates the attribute names whose values are scrubbed through UrlSanitizer::sanitize scheme and host allow-lists, javascript: rejection, BiDi check, etc.. The list is 'src',...
CodeQL 2.25.6
Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...
CVE-2025-70099
A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...
PT-2026-45548
A NULL pointer dereference in the ext4 dir en get name len function in include/ext4 dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validat...
CodeQL 2.25.5
Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...
CodeQL 2.25.4
Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by changing j1939sockslock to rwlock. The following 3 locks may race against each other, causing a deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...
CodeQL 2.25.3
Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...
Securing AI Applications From Inception to Deployment
Extending the Wiz AI APP into the code layer to detect AI-specific risks at inception, validate exploitability at runtime, and orchestrate remediation with agents that understand your codebase...
Exploit for CVE-2011-3556
Vulnerability Assessment: Java RMI Server Remote Code Executio...
CVE-2026-5023
A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...
EUVD-2026-16966
A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...
CVE-2026-5023
A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...
CVE-2026-5023 DeDeveloper23 codebase-mcp RepoMix codebase.ts saveCodebase os command injection
A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...
CVE-2026-5023
A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...
CVE-2026-5023 DeDeveloper23 codebase-mcp RepoMix codebase.ts saveCodebase os command injection
A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os...
CVE-2026-5023
CVE-2026-5023 affects the DeDeveloper23 codebase-mcp, specifically the RepoMix Command Handler’s file src/tools/codebase.ts, with functions getCodebase, getRemoteCodebase, and saveCodebase. The underlying issue is a manipulation that enables OS command injection from local access. The description...
Codebase MCP 操作系统命令注入漏洞
Codebase MCP is a code library retrieval and analysis tool developed by DeDeveloper23. Codebase MCP has a vulnerability related to operating system command injection. This vulnerability stems from a function in the Component RepoMix Command Handler called getCodebase/getRemoteCodebase/saveCodebas...
PT-2026-28737
Name of the Vulnerable Software and Affected Versions DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6 Description A flaw exists in the getCodebase/getRemoteCodebase/saveCodebase functions within the src/tools/codebase.ts file of the RepoMix Command Handler component. Thi...
iccDEV 缓冲区错误漏洞
iccDEV is a color configuration code base. A buffer overflow vulnerability exists in iccDEV that can be exploited by an attacker to cause a memory leak or crash...