Lucene search
K

846 matches found

Github Security Blog
Github Security Blog
added 2026/04/20 12:30 a.m.10 views

RAGAS has SSRF via Multi-Modal Faithfulness Collections Module

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

8.1CVSS5.4AI score0.00534EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/04/20 12:0 a.m.49 views

CVE-2026-6587

CVE-2026-6587 affects vibrantlabsai RAGAS

8.1CVSS6.1AI score0.00277EPSS
Exploits0References7
OSV
OSV
added 2026/04/15 7:24 p.m.18 views

DRUPAL-CORE-2026-001

Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to a cross-site scripting XSS vulnerability...

6.1CVSS4.9AI score0.00238EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.4 views

PT-2026-33240

Name of the Vulnerable Software and Affected Versions Drupal versions prior to 10.5.9 Drupal versions prior to 10.6.7 Drupal versions prior to 11.2.11 Drupal versions prior to 11.3.7 Description Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain...

6.1CVSS5.6AI score0.00238EPSS
Exploits0References5
Drupal
Drupal
added 2026/04/15 12:0 a.m.19 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2026-001

Drupal core's jQuery integration for AJAX modal dialog boxes does not sufficiently sanitize certain options, which can lead to a cross-site scripting XSS vulnerability...

6.1CVSS4.9AI score0.00238EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/10 1:22 a.m.4 views

CVE-2026-39416

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

8.5CVSS6.1AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 p.m.5 views

CVE-2026-39416

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

8.5CVSS0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 8:11 p.m.19 views

CVE-2026-39416 Stored XSS in modal item preview for long item content in AIL Framework

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

8.5CVSS0.00219EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 8:11 p.m.3 views

EUVD-2026-20605

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

8.5CVSS6.1AI score0.00219EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 8:11 p.m.11 views

CVE-2026-39416

Affected software: AIL Framework (pre-6.8). Vulnerable component: modal item preview. Root cause: stored XSS when item content >800 characters is returned without a proper text/plain content type, enabling injected HTML/JS in the context of an authenticated user. Impact: arbitrary script execu...

8.5CVSS6.1AI score0.00219EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

AIL framework 跨站脚本漏洞

AIL framework is a modular information leakage analysis framework developed as open source within the AIL project. It is used to analyze potential information leaks from unstructured data sources. Prior to version 6.8 of the AIL framework, there was a cross-site scripting vulnerability. This...

8.5CVSS5.7AI score0.00219EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31440

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting XSS vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

8.5CVSS6.1AI score0.00219EPSS
Exploits0References3
OSV
OSV
added 2026/04/06 10:54 p.m.4 views

GHSA-788V-5PFP-93FF PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling

Impact The server does not meaningfully limit the size of the JSON payload in ModalFormResponsePacket. This can be abused by an attacker to waste memory and CPU on an affected server, e.g. by sending arrays with millions of elements. The player must have a full session on the server i.e. spawned ...

7.1CVSS5.9AI score
Exploits0References4
Snyk
Snyk
added 2026/04/06 10:54 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview pocketmine/pocketmine-mp is a highly customisable, open source server software for Minecraft: Bedrock Edition written in PHP Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ModalFormResponsePacket handling process. An attack...

7.1CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/06 10:54 p.m.6 views

PocketMine-MP: JSON decoding of unlimited size large arrays/objects in ModalFormResponse Handling

Impact The server does not meaningfully limit the size of the JSON payload in ModalFormResponsePacket. This can be abused by an attacker to waste memory and CPU on an affected server, e.g. by sending arrays with millions of elements. The player must have a full session on the server i.e. spawned ...

5.9AI score
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.9 views

SALLIE: Safeguarding against Latent Language and Image Exploits

Large Language Models LLMs and Vision-Language Models VLMs remain highly vulnerable to textual and visual jailbreaks, as well as prompt injections arXiv:2307.15043, Greshake et al., 2023, arXiv:2306.13213. Existing defenses often degrade performance through complex input transformations or treat...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.5 views

Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study

Third-party skills extend LLM agents with powerful capabilities but often handle sensitive credentials in privileged environments, making leakage risks poorly understood. We present the first large-scale empirical study of this problem, analyzing 17,022 skills sampled from 170,226 on SkillsMP usi...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/03 12:0 a.m.10 views

ContractShield: Bridging Semantic-Structural Gaps Via Hierarchical Cross-Modal Fusion for Multi-Label Vulnerability Detection in Obfuscated Smart Contracts

Smart contracts are increasingly targeted by adversaries employing obfuscation techniques such as bogus code injection and control flow manipulation to evade vulnerability detection. Existing multimodal methods often process semantic, temporal, and structural features in isolation and fuse them...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-32367

Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through = 3.5.16...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.5 views

CVE-2025-41008

SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...

9.3CVSS5.9AI score0.00249EPSS
Exploits0References1
Rows per page
Query Builder