15 matches found
PT-2026-46157
Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...
Craft CMS 安全漏洞
Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.0.0 to 4.17.12 and 5.9.18 contained security vulnerabilities. These vulnerabilities stemmed from input handling defects in the Yii object creation path, which could allow any authenticated...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the gateway tools config.apply and config.patch, allowing compromised models...
Nginx UI 安全漏洞
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.4 contained security vulnerabilities. These vulnerabilities stemmed from the backup and restoration mechanism, which allowed attackers to tamper with encrypted backup archives and inject malicious...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the host transfer API due to missing authorization checks on the source team. An attacker can gain unauthorized control over hosts belonging to other teams by initiating a transfer, resulting in the ability to...
EUVD-2026-2096
Renovate vulnerable to arbitrary command injection via npm manager and malicious Renovate configuration...
Cursor 操作系统命令注入漏洞
Cursor is an AI code editor from Cursor open source. An operating system command injection vulnerability exists in versions prior to Cursor 2025.09.17-25b418f, which stems from an MCP server mechanism that allows the upload of malicious MCP configurations, which could lead to remote code executio...
EUVD-2025-27248
Malicious code in bioql PyPI...
CVE-2025-7350
A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication...
CVE-2025-27818
A flaw was found in apache-kafka. This issue occurs due to improper handling of configuration data when using a Kafka client SASL JAAS, allowing an attacker with access to alterConfig for a cluster resource or Kafka Connect worker to inject arbitrary configuration. This injection can lead to the...
A Rusty Link in the AI Supply Chain: Detecting Evil Configurations in Model Repositories
Recent advancements in large language models LLMs have spurred the development of diverse AI applications from code generation and video editing to text generation; however, AI supply chains such as Hugging Face, which host pretrained models and their associated configuration files contributed by...
Rockwell Automation FactoryTalk Services Platform 授权问题漏洞
Rockwell Automation FactoryTalk Services Platform is a suite of services platforms from Rockwell Automation, Inc. that consists of multiple products that provide applications with routine services such as diagnostic information, health monitoring, and real-time data access. A security vulnerabili...
Quality Open Software logback remote code execution vulnerability
Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...
Quality Open Software Logback 代码问题漏洞
Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...
The vulnerability of the PowerOn Auto Provisioning (POAP) mechanism in the network operating system of Cisco NX-OS switches allows a perpetrator to gain access to other devices.
The vulnerability of the PowerOn Auto Provisioning POAP mechanism in the network operating system of Cisco NX-OS switches involves errors during the automated device deployment process. Exploiting this vulnerability allows a malicious actor to download and execute malicious configuration scenario...