PT-2026-45092

A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial of service. The attack can be launched remotely. The exploit is publicly available and might be...

CVE-2026-4957 OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

CVE-2026-4957 OpenBMB XAgent API Key function_handler.py FunctionHandler.handle_tool_call log file

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

PT-2026-28683

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle tool call of the file XAgent/function handler.py of the component API Key Handler. This manipulation of the argument api key causes sensitive information in log files. The attack may be...

XAgent 日志信息泄露漏洞

XAgent is an open-source, experimental large language model-driven autonomous agent developed by OpenBMB. Version XAgent 1.0.0 contains a vulnerability related to log information leakage, which stems from incorrect handling of the parameter apikey in the file XAgent/functionhandler.py. This could...

CVE-2025-68387

Improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting XSS CAPEC-63 via a vulnerability a function handler in the Vega AST...

CVE-2025-68387

CVE-2025-68387 corresponds to Kibana, where an unauthenticated user can exploit an XSS flaw caused by improper input neutralization during web page generation in a function handler of the Vega AST evaluator . Several feeds (NVD, Red Hat, OSV, BIT-KIBANA, SNYK) describe the issue consistently and ...

CVE-2023-29805

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the prostorcanceltranshandlerpart19 function...

Design/Logic Flaw

G DATA InternetSecurity 2007 does not properly validate certain parameters to System Service Descriptor Table SSDT function handlers, which allows local users to cause a denial of service crash and possibly gain privileges via the 1 NtCreateKey and 2 NtOpenProcess kernel SSDT hooks...