1002 matches found
SQLi
SQL Injection: An Elite Bug Bounty Hunter's Field Manual SQL...
How the Internet Broke Everyone’s Bullshit Detectors
From AI-generated images to restricted satellite data, the systems used to verify what’s real online are struggling to keep up...
Exploit for Use After Free in Redis
CVE-2025-49844 RediShell AI-made Revshell PoC Untested comple...
Broken by Default: A Formal Verification Study of Security Vulnerabilities in AI-Generated Code
AI coding assistants are now used to generate production code in security-sensitive domains, yet the exploitability of their outputs remains unquantified. We address this gap with Broken by Default: a formal verification study of 3,500 code artifacts generated by seven frontier LLMs across 500...
CVE-2026-4946
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...
CVE-2026-4946
Ghidra up to version 12.0.2 is affected by a flaw where annotation directives embedded in automatically extracted binary data (notably the @execute directive parsed from auto-analysis comments like CFStrings in Mach‑O) are executed when an analyst clicks benign-looking UI text. This yields arbitr...
Arbitrary Code Injection
Langflow is vulnerable to Arbitrary Code Injection. The vulnerability is due to the validation process dynamically executing LLM‑generated Python code via exec, where the validation routine runs the generated code and an attacker who can influence the model output can achieve arbitrary server‑sid...
Remote Code Execution (RCE)
ruby-lsp is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsanitized interpolation of the rubyLsp.branch setting into a generated Gemfile, which allows an attacker to inject malicious code that executes when a user opens a crafted project...
PYSEC-2026-82
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...
BIT-PARSE-2026-33527 Parse Server: Session update endpoint allows overwriting server-generated session fields
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST API. This...
AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions
Summary The AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $REQUEST'id' parameter without validating that the AI response belongs to the specified video. An authenticated user with AI permissions can reference any AI response ID — including those generat...
PT-2026-27948
Name of the Vulnerable Software and Affected Versions Widget Wrangler versions prior to 2.3.9 Description A code injection issue exists in Jonathan Daggerhart Widget Wrangler. The issue involves improper control of code generation. This allows for code injection. Recommendations Update Widget...
CVE-2026-33527 Parse Server: Session update endpoint allows overwriting server-generated session fields
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generated session fields such as expiresAt and createdWith when updating their own session via the REST...
EUVD-2026-14974
Parse Server's Session Update endpoint allows overwriting server-generated session fields...
CVE-2026-33335 Vikunja Desktop allows arbitrary local application invocation via unvalidated shell.openExternal
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...
HCL AION Information Disclosure Vulnerability (CNVD-2026-15145)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that stems from the predictability of certain identifiers, which can be exploited by an attacker to cause the attacker to infer or guess system-generated values, triggerin...
CVE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...
GHSA-5V7G-9H8F-8PGG Parse Server session creation endpoint allows overwriting server-generated session fields
Impact An authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST /classes/Session. This allows bypassing the server's session expiration policy by setting an arbitrary far-future expiration date. It also allows...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that stems from the predictability of certain identifiers, which can be exploited by an attacker to cause the attacker to infer or guess system-generated values, triggerin...
EUVD-2026-11338
PingPong is a platform for using large language models LLMs for teaching and learning. Prior to 7.27.2, an authenticated user may be able to retrieve or delete files outside the intended authorization scope. This issue could result in retrieval or deletion of private files, including user-uploade...