1077 matches found
PT-2026-44951
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.1 Description A reflected Cross-Site Scripting XSS issue exists in the keyword filter. Reflected XSS occurs when an application receives data in an HTTP request and includes that data within the...
JetBrains TeamCity 跨站脚本漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools developed by the Czech company JetBrains. This tool offers features such as continuous unit testing, code quality analysis, and reporting on build issues. Versions of JetBrains TeamCity prior to 2026.1.1...
GHSA-9RFG-V8G9-9367 Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
As told on Discord earlier, multiple projects are affected, and we would like to coordinate. For now, we are aiming at a May 6th release date, but this is not set in stone yet. Summary An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify...
CyBOKClaw: Human-In-The-Loop CyBOK Mapping for Cybersecurity Curriculum
This paper presents CyBOKClaw, an interpretable human-in-the-loop retrieval framework for mapping cybersecurity keywords or phrases KWoPs to the Cyber Security Body of Knowledge CyBOK. Rather than treating the task as strict exact classification, the framework is designed as a top-k candidate...
MAL-2026-4197 Malicious code in pretty-logger-utils (npm)
pretty-logger-utils is a malicious npm package that depends on terminal-logger-utils and triggers the malicious behavior in that package when installed or imported. The terminal-logger-utils payload executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper...
MAL-2026-4198 Malicious code in terminal-logger-utils (npm)
terminal-logger-utils is a malicious npm package that when installed executes a postinstall hook that opens utils.cjs, an obfuscated malware dropper. The dropper checks the current system, downloads a platform-specific second-stage binary from Hugging Face, and executes it. The second-stage paylo...
CVE-2026-45331
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...
MAL-2026-3763 Malicious code in exxpress-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfa81f7c144d5feeea9c49254fbeec68f8271460d4a51efd5757a62b251c05f2 The package declares scripts.postinstall pointing at postinstall.js, which runs automatically on npm install. The script performs three...
CVE-2026-44195 OPNsense: Authentication lockout bypass
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNsense lockouthandler allows an unauthenticated attacker to continuously reset the authentication failure counter for their IP address. By interjecting a crafted username containing a success keyword...
CVE-2026-36962
SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...
EUVD-2026-29112
SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...
CVE-2026-36962
SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...
MuuCmf 安全漏洞
MuuCmf is an open-source application development framework created by Dameng100. Version MuuCMF T6 1.9.4.20260115 contains a security vulnerability. This vulnerability stems from the keyword parameter in the /index/controller/Search.php endpoint, which exposes a SQL injection vulnerability. It...
CVE-2026-36962
SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...
CyberThreat-Nlp-Intelligence-System
🛡️ CyberGuard AI — Cyber Threat Intelligence System An AI-p...
cups: Fix of CVE-2026-34980
CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...
CLSA-2026-1777541087 cups: Fix of CVE-2026-34980
CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...
CLSA-2026-1777480298 cups: Fix of CVE-2026-34980
CVE-2026-34980: filter control characters from option values in the scheduler to prevent PPD keyword injection via Print-Job...
CVE-2026-7290 JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection
A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql...
JeecgBoot 注入漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contained an injection vulnerability. This vulnerability stemmed from the parameter keyword in the SqlInjectionUtil function of the component.loadDi...