71 matches found

ATTACKERKB
added 2026/04/20 4:14 p.m., 0 views

CVE-2026-25525

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

CVSS 4.9 | AI score 5.8 | EPSS 0.00068
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/04/20 4:14 p.m., 5 views

CVE-2026-25525

OpenMage LTS (Magento Long Term Support) Dataflow module before 20.17.0 is affected by a path traversal filter bypass. The weak blacklist uses str_replace('../', '', $input), which can be bypassed with patterns like ..././ or ....//, still resulting in ../ after replacement. An authenticated admi...

CVSS 4.9 | AI score 5.8 | EPSS 0.00068
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2026/04/20 4:14 p.m., 29 views

CVE-2026-25525 OpenMage LTS has Path Traversal Filter Bypass in Dataflow Module

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the Dataflow module in OpenMage LTS uses a weak blacklist filter...

CVSS 4.9 | EPSS 0.00068
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/20 12:00 a.m., 2 views

PT-2026-33797

The Dataflow module in OpenMage LTS uses a weak blacklist filter, str_replace('../', '', $input), to prevent path traversal attacks. This filter can be bypassed using patterns like ..././ or ....//, which after the replacement still result in ../. An authenticated administrator can exploit this to re...

CVSS 4.9 | AI score 6 | EPSS 0.00068
Exploits: 1 | References: 8
CNNVD
added 2026/04/20 12:00 a.m., 8 views

OpenMage Magento Lts (Magento) Security Vulnerability

OpenMage Magento Lts (Magento) is an e-commerce system developed by the OpenMage organization. Versions of OpenMage Magento Lts prior to 20.17.0 contained security vulnerabilities. These vulnerabilities stemmed from the Dataflow module’s use of a weak blacklist filter to prevent path traversal...

CVSS 4.9 | AI score 5.9 | EPSS 0.00068
Exploits: 1 | References: 2
Packet Storm News
added 2026/03/24 12:00 a.m., 0 views

Agent Audit: A Security Analysis System for LLM Agent Applications

What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...

AI score 5.9
Exploits: 0
vulnersOsv
added 2026/03/17 12:46 p.m., 2 views

airflow-tools (>=0.9.0 <=0.11.0), dataflow-airflow (>=2.10.3 <=2.10.9) +2 more potentially affected by CVE-2026-28779 via apache-airflow-providers-amazon (>=9.0.0 <=9.17.0)

apache-airflow-providers-amazon PYPI version =9.0.0, =0.9.0, =2.10.3, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-28779 Source advisory: SNYK:PYTHON-APACHEAIRFLOWPROVIDERSAMAZON-15674487...

CVSS 7.5 | AI score 5.8 | EPSS 0.00031
Exploits: 0
Packet Storm News
added 2026/03/12 12:00 a.m., 1 views

ChainFuzzer: Greybox Fuzzing for Workflow-Level Multi-Tool Vulnerabilities in LLM Agents

Tool-augmented LLM agents increasingly rely on multi-step, multi-tool workflows to complete real tasks. This design expands the attack surface, because data produced by one tool can be persisted and later reused as input to another tool, enabling exploitable source-to-sink dataflows that only...

AI score 5.9
Exploits: 0
vulnersOsv
added 2026/03/09 12:31 p.m., 3 views

airflow-add-ons (>=0.2.0 <=0.2.9b2), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +11 more potentially affected by CVE-2026-25604 via apache-airflow-providers-amazon (>=1.0.0 <=9.17.0)

apache-airflow-providers-amazon PYPI version =1.0.0, =0.2.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.0.4, =0.0.0, =2.10.3, =14.4.0, =0.0.1, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-25604 Source advisory: OSV:GHSA-RV5F-CCPM-XJJ4...

CVSS 5.4 | AI score 5.8 | EPSS 0.00016
Exploits: 1
OSSF Malicious Packages
added 2025/10/27 6:29 a.m., 3 views

Malicious code in dataflow-unified (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eeb92e0d113a35c9340e56c29e540f04d548f6e42f05f369d8e22fb5d78dea39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2025/10/27 6:29 a.m., 1 views

MAL-2025-48783 Malicious code in dataflow-unified (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware eeb92e0d113a35c9340e56c29e540f04d548f6e42f05f369d8e22fb5d78dea39 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
Snyk
added 2025/10/27 6:29 a.m., 2 views

Malicious Package

Overview: dataflow-unified is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
EUVD
added 2025/10/27 6:29 a.m., 0 views

EUVD-2025-36119

Malicious code in dataflow-unified (npm)...

AI score 6.6
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-0479

Malicious code in bioql (PyPI)...

CVSS 7.2 | AI score 6.9 | EPSS 0.00992
Exploits: 0 | References: 6
Packet Storm News
added 2025/09/05 12:00 a.m., 2 views

FuzzRDUCC: Fuzzing with Reconstructed Def-Use Chain Coverage

Binary-only fuzzing often struggles with achieving thorough code coverage and uncovering hidden vulnerabilities due to limited insight into a program's internal dataflows. Traditional grey-box fuzzers guide test case generation primarily using control flow edge coverage, which can overlook bugs n...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/06/21 12:00 a.m., 2 views

Side-Channel Extraction of Dataflow AI Accelerator Hardware Parameters

Dataflow neural network accelerators efficiently process AI tasks on FPGAs, with deployment simplified by ready-to-use frameworks and pre-trained models. However, this convenience makes them vulnerable to malicious actors seeking to reverse engineer valuable Intellectual Property (IP) through...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/05/05 12:00 a.m., 4 views

Dynamic Graph-Based Fingerprinting of In-Browser Cryptomining

The decentralized and unregulated nature of cryptocurrencies, combined with their monetary value, has made them a vehicle for various illicit activities. One such activity is cryptojacking, an attack that uses stolen computing resources to mine cryptocurrencies without consent for profit...

AI score 7.2
Exploits: 0
GithubExploit
added 2024/08/21 7:58 p.m., 201 views

Exploit for CVE-2024-22263

CVE-2024-22263Scanner For Ethical Usage only, Any harmful or...

CVSS 8.8 | AI score 7.3 | EPSS 0.77749
Exploits: 1
vulnersOsv
added 2024/07/25 12:32 p.m., 5 views

org.springframework.cloud.stream.app:spring-cloud-starter-stream-sink-task-launcher-dataflow (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.springframework.cloud.stream.app:spring-cloud-stream-app-starters-docs (>=Einstein.RELEASE <=Einstein.SR5) +46 more potentially affected by CVE-2024-37084 via org.springframework.cloud:spring-cloud-skipper (>=1.0.0.RELEASE <=2.11.3)

org.springframework.cloud:spring-cloud-skipper MAVEN version =1.0.0.RELEASE, =1.0.0.RELEASE, =Einstein.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.1.RELEASE, =1.1.1.RELEASE, =Clark.SR1, =2.11.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =1.6.0.RELEASE, =2.0.0.RELEASE, =2.11.3 -...

CVSS 9.8 | AI score 5.8 | EPSS 0.83304
Exploits: 4
Spring Engineering
added 2023/09/26 12:00 a.m., 26 views

This Week in Spring - September 26th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? It's September 26th, 2023, and I am in sunny Singapore for SpringOne at VMWare Explore Singapore. If you're around, don't forget to say hi! It's gonna be a fun and busy week in Singapore, and then next week I'm o...

AI score 6.6
Exploits: 0