15 matches found

CNNVD
added 2026/06/02 12:0 a.m. · 4 views

Apache Calcite Security Vulnerability

Apache Calcite is an open-source framework developed by the Apache Foundation in the United States, used for building database and data management systems. Versions of Apache Calcite from 1.5.0 to 1.42 contained security vulnerabilities. These vulnerabilities stemmed from the use of external...

CVSS 6.5 · AI score 5.4 · EPSS 0.00436
Exploits 0 · References 2

Vulnrichment
added 2026/05/14 9:27 p.m. · 10 views

CVE-2026-6811 PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

CVSS 6 · AI score 5.8 · EPSS 0.00311
Exploits 0 · References 1

Packet Storm News
added 2026/04/09 12:0 a.m. · 14 views

ACIArena: Toward Unified Evaluation for Agent Cascading Injection

Collaboration and information sharing empower Multi-Agent Systems (MAS) but also introduce a critical security risk known as Agent Cascading Injection (ACI). In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the...

AI score 5.8
Exploits 0

Microsoft Secure
added 2026/02/19 4:27 p.m. · 6 views

Running OpenClaw safely: identity, isolation, and runtime risk

Self-hosted agent runtimes like OpenClaw are showing up fast in enterprise pilots, and they introduce a blunt reality: OpenClaw includes limited built-in security controls. The runtime can ingest untrusted text, download and execute skills (i.e. code) from external sources, and perform actions usin...

AI score 6.4
Exploits 0

Packet Storm News
added 2026/01/03 12:0 a.m. · 10 views

MCP-SandboxScan: WASM-Based Secure Execution and Runtime Analysis for MCP Tools

Tool-augmented LLM agents raise new security risks: tool executions can introduce runtime-only behaviors, including prompt injection and unintended exposure of external inputs (e.g., environment secrets or local files). While existing scanners often focus on static artifacts, analyzing runtime...

AI score 7
Exploits 0

CNNVD
added 2025/12/23 12:0 a.m. · 4 views

CMSimple Cross-Site Scripting Vulnerability

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...

CVSS 6.1 · AI score 6.2 · EPSS 0.00235
Exploits 1 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-6467

Malware in sbrugna...

CVSS 9.8 · AI score 9.3 · EPSS 0.02533
Exploits 1 · References 6

CNVD
added 2025/07/25 12:0 a.m. · 3 views

WordPress Traveler plugin SQL Injection Vulnerability

WordPress Traveler plugin is a WordPress plugin designed for the travel industry, mainly used to create travel and trekking websites, support online booking system, itinerary management and other features. WordPress Traveler plugin suffers from a SQL injection vulnerability that stems from the...

CVSS 9.3 · AI score 8.3 · EPSS 0.00371
Exploits 0 · References 1

CVE
added 2024/04/10 12:0 a.m. · 7086 views

CVE-2024-30712

CVE-2024-30712 entry is rejected/not used; this ID does not represent an active vulnerability.

AI score 6.7
Exploits 0

BDU FSTEC
added 2024/01/31 12:0 a.m. · 3 views

The vulnerabilities of Mitsubishi Electric’s software products, including EZSocket, FR Configurator2, GT Designer3 Version1(GOT1000), GT Designer3 Version1(GOT2000), GX Works2, GX Works3, MELSOFT Navigator, MT Works2, MX Component, and MX OPC Server DA/UA (software included with MC Works64), are related to the use of external control inputs for class selection. This allows a malicious individual to execute arbitrary code.

CVSS 7.8 · AI score 8.5 · EPSS 0.01844
Exploits 0 · References 3 · Affected Software 3

Positive Technologies
added 2022/12/07 12:0 a.m. · 5 views

PT-2022-26930 · WordPress · WordPress Popular Posts

Name of the Vulnerable Software and Affected Versions: WordPress Popular Posts versions 6.0.5 and earlier
Description: The issue allows external initialization of trusted variables or data stores, enabling the acceptance of untrusted external inputs to update internal variables. This can lead to...

CVSS 7.5 · AI score 7.4 · EPSS 0.00846
Exploits 0 · References 7

CNNVD
added 2022/11/04 12:0 a.m. · 5 views

PingCAP TiDB Format String Error Vulnerability

PingCAP TiDB is an open source, cloud-native, distributed, MySQL-compatible database for elastic scaling and real-time analytics from China-based PingCAP. A formatting string error vulnerability exists in PingCAP TiDB versions prior to 6.1.3 through 6.4.0, which stems from its use of externally...

CVSS 9.8 · AI score 5.8 · EPSS 0.00562
Exploits 0 · References 3

CNNVD
added 2022/02/02 12:0 a.m. · 3 views

Victor CMS SQL Injection Vulnerability

Victor CMS is an open source content management system from the individual developers of Victor Alagwu in Nigeria. A security vulnerability exists in Victor CMS, which stems from the lack of validation of externally entered SQL statements in the database-based application. An attacker could exploi...

CVSS 8.8 · AI score 6 · EPSS 0.01296
Exploits 1 · References 3

CNVD
added 2020/03/31 12:0 a.m. · 1 views

Unisoon UltraLog Express SQL Injection Vulnerability

Unisoon UltraLog Express is a telephone recording system from Unisoon, Taiwan, China. A SQL injection vulnerability exists in the administration interface in Unisoon UltraLog Express. The vulnerability stems from the lack of validation of externally entered SQL statements in database-based...

CVSS 10 · AI score 8.2 · EPSS 0.01249
Exploits 0 · References 1

CNVD
added 2020/02/11 12:0 a.m. · 3 views

Participants Database Temporal SQL Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Participants Database plugin prior to version 1.9.5.5. T...

CVSS 7.5 · AI score 8 · EPSS 0.01624
Exploits 1 · References 1