DRUPAL-CONTRIB-2026-044

The Examples for Developers project aims to provide high-quality, well-documented API examples for a broad range of Drupal core functionality. The "Read from a file" feature implemented by the file\example submodule can be used to expose any file that PHP can access. Therefore, the file\example...

Examples for Developers - Moderately critical - Access bypass - SA-CONTRIB-2026-044

The Examples for Developers project aims to provide high-quality, well-documented API examples for a broad range of Drupal core functionality. The "Read from a file" feature implemented by the fileexample submodule can be used to expose any file that PHP can access. Therefore, the fileexample...

PT-2026-48592

The Examples for Developers project aims to provide high-quality, well-documented API examples for a broad range of Drupal core functionality. The "Read from a file" feature implemented by the file example submodule can be used to expose any file that PHP can access. Therefore, the file example...

Malicious code in @doaction/examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361bc047872fceb7885c47404eef734b43ce8e5e7f13554e79d011be6f383339 @doaction/[email protected] declares preinstall: node scripts/postinstall.js in package.json, which requires @doaction/shared/bin/postinstall.js. The...

Malicious Package

Overview @doaction/examples is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-5372 Malicious code in @doaction/examples (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 361bc047872fceb7885c47404eef734b43ce8e5e7f13554e79d011be6f383339 @doaction/[email protected] declares preinstall: node scripts/postinstall.js in package.json, which requires @doaction/shared/bin/postinstall.js. The...

PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

Summary PraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spidertools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

Exploit for CVE-2026-42945

CVE-2026-42945-NGINX-Rift bash Basic usage with target I...

org.apache.doris:flink-doris-connector-2.0 (>=26.0.0 <=26.1.1), org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-runtime MAVEN version =2.0.0, =26.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

com.drobisch:flink-connector-elasticsearch-e2e-tests-common (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant), com.drobisch:flink-connector-elasticsearch6-e2e-tests (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant) +25 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-api-java MAVEN version =2.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =26.0.0, =0.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

com.drobisch:flink-connector-elasticsearch-e2e-tests-common (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant), com.drobisch:flink-connector-elasticsearch6-e2e-tests (>=4.0.0-serde-fixes <=4.0.5-fault-tolerant) +25 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-api-java MAVEN version =2.0.0, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =4.0.0-serde-fixes, =26.0.0, =0.2.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799798...

org.apache.flink:flink-examples-table_2.12 (>=2.0.0 <=2.0.1) potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (>=2.0.0 <=2.0.1)

org.apache.flink:flink-table-planner2.12 MAVEN version =2.0.0, =2.0.0, =2.0.1 Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

com.datasqrl:sqrl-discovery (>=0.9.0 <=0.10.4), com.datasqrl:sqrl-planner (>=0.9.0 <=0.10.4) +6 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (=2.2.0)

org.apache.flink:flink-table-planner2.12 MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-planner2.12 and may be impacted: - com.datasqrl:sqrl-discovery =0.9.0, =0.9.0, =0.9.0, =0.2.0, =0.2.0, =0.2.0,...

acegisecurity:acegi-security-catalina (>=0.7.0 <=0.9.0), ch.qos.logback:logback-access (=${parent.version}) +40 more potentially affected by CVE-2026-43515 via tomcat:catalina (>=4.0.6 <=5.5.9)

tomcat:catalina MAVEN version =4.0.6, =0.7.0, =0.6, =3.2.10-1-SP3seam2hibernate5, =1.5, =1.0, =1.0, =1.0.0, =4.7.1, =4.7.2 - org.apache.geronimo.assemblies:geronimo-tomcat-minimal =1.2-beta - org.apache.geronimo.configs:ca-helper-tomcat =1.2-beta - org.apache.geronimo.configs:dojo-tomcat =1.2-bet...

Information Theoretic Adversarial Training of Large Language Models

Large language models LLMs remain vulnerable to adversarial prompting despite advances in alignment and safety, often exhibiting harmful behaviors under novel attack strategies. While adversarial training can improve robustness, existing approaches are computationally expensive and difficult to...

Exploit for Missing Authentication for Critical Function in Cpanel

POCCVE-2026-41940 Quick start bash python3 pocCVE-202...

com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example (=3.0.7), com.okta.spring.examples:okta-spring-boot-redirect-code-flow-example (=3.0.7) +21 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=3.3.0 <=3.3.1)

org.springframework.boot:spring-boot-devtools MAVEN version =3.3.0, =1.6.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1 - org.bremersee:common-exception-spring-boot-autoconfigure =1.1.0 - org.bremersee:common-exception-spring-boot-web-starter =1.1.0 -...

ai.h2o:sparkling-water-core_2.11 (>=3.46.0.1-1-2.3 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-core_2.12 (>=3.46.0.1-1-3.0 <=3.46.0.6-1-3.5) +761 more potentially affected by CVE-2026-41409 via org.apache.mina:mina-core (>=2.2.0 <=2.2.5)

org.apache.mina:mina-core MAVEN version =2.2.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =1.5.4.RELEASE, =0.0.2, =3.0.0, =1.0.9, =1.6.9, =1.2.5, =1.1.7, =1.2.8 and more Source cves: CVE-2026-41409 Sourc...

MINE-CYBERSECURITY-PROJECT-1

MINE-CYBERSECURITY-PROJECTS This repository contains advanced...

EUVD-2026-18825

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...