4 matches found
CVE-2026-4399
The CVE-2026-4399 entry describes a prompt injection vulnerability in the 1millionbot Millie chatbot. The issue arises when a user bypasses chat restrictions via Boolean prompt injection, causing the model to execute an injected instruction after an affirmative ('true') response. Consequences sta...
CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the charms HTTP API endpoint when handling uploaded ZIP files. An attacker can overwrite arbitrary files on the server by uploading a specially crafted ZIP archive containing directory traversal sequences,...
MAL-2023-8167 Malicious code in @spgy/eslint-plugin-spgy-fe (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0f153ed03ad775543b9a2c5ba45f744fdb6dc3bdd3de7734a273488881a1353a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...