21274 matches found
PT-2026-35203
A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the component HTTP Header Handler. Such manipulation of the argument X-DEBUG-RUN/X-DEBUG-INJ leads to improp...
SmythOS 授权问题漏洞
SmythOS is an open-source infrastructure for the execution and development of AI agents. Versions of SmythOS 0.0.15 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from the handling of X-DEBUG-RUN/X-DEBUG-INJ parameters in the AgentRuntime function...
EUVD-2026-25677
A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/getmessageajax.php of the component Private Message Handler. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the...
CVE-2026-7002 KLiK SocialMediaWebsite Private Message get_message_ajax.php sql injection
A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/getmessageajax.php of the component Private Message Handler. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the...
CVE-2026-7002 KLiK SocialMediaWebsite Private Message get_message_ajax.php sql injection
A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/getmessageajax.php of the component Private Message Handler. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the...
CVE-2026-7002
A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/getmessageajax.php of the component Private Message Handler. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the...
CVE-2026-7002
CVE-2026-7002 affects KLiK SocialMediaWebsite (versions up to 1.0.1). The vulnerability exists in /includes/get_message_ajax.php within the Private Message Handler; manipulating the c_id argument permits SQL injection, exploitable remotely over a network. CVSS data indicate high severity (3.1: sc...
CVE-2026-6994
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...
CVE-2026-6994 Envoy Query Parameter header_mutation.cc params.add injection
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...
CVE-2026-6994 Envoy Query Parameter header_mutation.cc params.add injection
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...
EUVD-2026-25670
A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...
CVE-2026-6993 go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy
A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...
CVE-2026-6993
CVE-2026-6993 affects go-kratos kratos up to 2.9.2. It concerns the function NewServer in transport/http/server.go’s http.DefaultServeMux Fallback Handler, where manipulation can yield an unintended intermediary and may be exploitable remotely. Public exploit exists. A patch is identified as 0284...
EUVD-2026-25669
A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...
CVE-2026-6993 go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy
A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...
CVE-2026-6992
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
CVE-2026-6992 Linksys MR9600 JNAP Action run_central2.sh BTRequestGetSmartConnectStatus os command injection
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
CVE-2026-6992
A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...
EUVD-2026-25667
A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit h...