320199 matches found
Exploit for Use After Free in Linux Linux_Kernel
CVE-2026-43499 — Galaxy S25 Ultra Port This repository contai...
DEBIAN-CVE-2026-61862
ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...
POC-RCE-LPE
POC — RCE - LPE to SYSTEM - Local Posture Takeover Cibl...
Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery
In this article 1. Attack chain overview 2. How the attack started: GitHub Actions pwn request 3. Mitigation and protection guidance 4. Learn more On July 14, 2026, Microsoft Threat Intelligence identified a coordinated supply chain compromise of the @asyncapi npm organization, a widely used set ...
EUVD-2026-44846
LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary command and args values. LiteLLM executes these values on the host without validation, enabling...
EUVD-2026-44845
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulti...
GHSA-PR64-JMMF-JP54 ToolHive: SSRF in remote MCP server authentication discovery (host-side, bypasses container isolation)
Security Advisory: SSRF in remote MCP server authentication discovery Severity: High. CWE: CWE-918. Affected: ToolHive through the latest release v0.29.3 and current main HEAD b672d82f, 2026-06-12; re-verified 2026-06-14. FetchResourceMetadata and the discovery clients remain unguarded; no commit...
ToolHive: SSRF in remote MCP server authentication discovery (host-side, bypasses container isolation)
Security Advisory: SSRF in remote MCP server authentication discovery Severity: High. CWE: CWE-918. Affected: ToolHive through the latest release v0.29.3 and current main HEAD b672d82f, 2026-06-12; re-verified 2026-06-14. FetchResourceMetadata and the discovery clients remain unguarded; no commit...
GHSA-6F5R-5672-72J7 @andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default
Summary @andrea9293/mcp-documentation-server v1.13.0 documents that a Web UI starts automatically on port 3080. However, the Web UI/API appears to bind to all network interfaces by default :3080 / 0.0.0.0:3080 instead of localhost-only, and its document-management API endpoints do not require...
@andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default
Summary @andrea9293/mcp-documentation-server v1.13.0 documents that a Web UI starts automatically on port 3080. However, the Web UI/API appears to bind to all network interfaces by default :3080 / 0.0.0.0:3080 instead of localhost-only, and its document-management API endpoints do not require...
NPM: systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
NPM: systeminformation: OS command injection in networkInterfaces via interfaces5 source-directive path on Linux vulnerability discovered by ? in WordPress Npm systeminformation versions = 5.31.6...
GHSA-5XPP-75JX-M839 systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
Summary On Linux, systeminformation's networkInterfaces is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source line it encounters, extracts the path...
systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
Summary On Linux, systeminformation's networkInterfaces is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source line it encounters, extracts the path...
GHSA-GGW3-5987-RX77 Pomerium Pre-Auth Memory Exhaustion via Unbounded zstd Decompression in HPKE Callback
Summary The HPKE V2 URL decode path in pkg/hpke/url.go decompresses attacker-controlled zstd data without any size limit. On Pomerium deployments using the stateless authentication flow Pomerium Zero / hosted authenticate, the proxy's /.pomerium/callback endpoint is reachable without credentials...
Pomerium Pre-Auth Memory Exhaustion via Unbounded zstd Decompression in HPKE Callback
Summary The HPKE V2 URL decode path in pkg/hpke/url.go decompresses attacker-controlled zstd data without any size limit. On Pomerium deployments using the stateless authentication flow Pomerium Zero / hosted authenticate, the proxy's /.pomerium/callback endpoint is reachable without credentials...
django-haystack: Remote Code Execution via `eval()` in Elasticsearch Result Deserialization
Remote Code Execution via eval in Elasticsearch Result Deserialization Summary The Elasticsearch backend in django-haystack calls eval on raw field values returned from Elasticsearch when a SearchField is declared with an indexfieldname alias that differs from the logical field name. During resul...
GHSA-R3HX-X5RH-P9VV django-haystack: Remote Code Execution via `eval()` in Elasticsearch Result Deserialization
Remote Code Execution via eval in Elasticsearch Result Deserialization Summary The Elasticsearch backend in django-haystack calls eval on raw field values returned from Elasticsearch when a SearchField is declared with an indexfieldname alias that differs from the logical field name. During resul...
CVE-2026-55576
MaaAssistantArknights is a one-click tool for daily Arknights tasks. In the current dev-v2 workflow, .github/workflows/release-preparation.yml inlined attacker-controlled github.event.pullrequest.title into a run: shell command during the pullrequest opened, reopened, and readyforreview events, s...
CVE-2026-52891
Wekan is open source kanban built with Meteor. Prior to 9.07, Wekan avatar upload functionality embeds user-supplied filenames into paths later passed to childprocess.exec for MIME-type detection. Because models/avatars.js and models/fileValidation.js used a shell command with the avatar filename...
CVE-2026-30618
xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulti...