4 matches found
CVE-2026-40154
PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in...
EUVD-2025-198965
The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check on their contents. An attacker who can control th...
PT-2025-41535
Name of the Vulnerable Software and Affected Versions HCL MyXalytics version 6.6 Description The software contains a flaw related to the inclusion of functionality from an untrusted control sphere. Specifically, the application allows loading third-party scripts without proper integrity checks or...
The vulnerability of the Smart Tunnel component of the microprogramming software for Cisco Adaptive Security Appliance allows a attacker to load a malicious executable file.
The vulnerability of the Smart Tunnel component of the Cisco Adaptive Security Appliance microprogramming firewall software is related to the lack of checks for the integrity of system files. Exploiting this vulnerability could allow a attacker to load a malicious executable file...