Lucene search
+L

178 matches found

wizblog
wizblog
added 2026/06/17 2:33 p.m.16 views

The Red Agent POV: How it Reasoned its Way to SSRF

Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on a GCP Cloud Run API...

5.2AI score
Exploits0
redhatcve
redhatcve
added 2026/05/12 6:1 p.m.14 views

CVE-2026-41645

A flaw was found in Nuclei, a vulnerability scanner. A malicious target server can inject and execute supported DSL Domain Specific Language expressions within Nuclei's expression evaluation engine. This occurs when HTTP response data containing helper/function syntax is reused by multi-step...

5.3CVSS5.8AI score0.00344EPSS
Exploits0References2
packetstormnews
packetstormnews
added 2026/05/08 12:0 a.m.21 views

OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing

Tool-calling text-to-image T2I agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...

5.9AI score
Exploits0
patchstack
patchstack
added 2026/05/01 9:32 a.m.9 views

WordPress Contact Form 7 Multi-Step Forms plugin <= 4.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form 7 Multi-Step Forms versions = 4.4.1...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/04/20 11:33 a.m.6 views

CVE-2026-41282

A flaw was found in ProjectDiscovery Nuclei. This vulnerability allows for DSL Domain Specific Language expression injection when using environment variables for multi-step templates against untrusted targets. An attacker could exploit this by crafting malicious input, potentially leading to...

7.5CVSS5.7AI score0.0025EPSS
Exploits0References2
euvd
euvd
added 2026/04/20 9:30 a.m.7 views

EUVD-2026-23795

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

4CVSS5.8AI score0.0025EPSS
Exploits0References6
snyk
snyk
added 2026/04/20 9:16 a.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...

7.5CVSS6.1AI score0.00344EPSS
Exploits0References2
snyk
snyk
added 2026/04/20 9:16 a.m.4 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...

7.5CVSS6.1AI score0.00344EPSS
Exploits0References2
nvd
nvd
added 2026/04/20 8:16 a.m.13 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

7.5CVSS0.0025EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/04/20 7:10 a.m.7 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

4CVSS5.8AI score0.0025EPSS
Exploits0References6Affected Software1
cve
cve
added 2026/04/20 7:10 a.m.19 views

CVE-2026-41282

Summary: CVE-2026-41282 affects ProjectDiscovery Nuclei prior to 3.8.0, where DSL expression injection is possible when using -env-vars for multi-step templates against untrusted targets configured non-defaultly. The Red Hat advisory describes a flaw enabling DSL injection that could lead to unau...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2026/04/20 7:10 a.m.8 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

4CVSS5.8AI score0.0025EPSS
Exploits0References5
cvelist
cvelist
added 2026/04/20 7:10 a.m.36 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

4CVSS0.0025EPSS
Exploits0References5
osv
osv
added 2026/04/20 7:10 a.m.3 views

CVE-2026-41282

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

4CVSS5.9AI score0.00344EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/04/20 12:0 a.m.7 views

PT-2026-33724

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...

4CVSS5.8AI score0.0025EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/04/20 12:0 a.m.9 views

Nuclei 安全漏洞

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have security vulnerabilities, which stem from DSL expression injection and may affect the use of multi-step templates...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/03/31 9:27 a.m.130 views

poc-studio-public

Nuclei Offline GUI This is a pure offline desktop prototype,...

5.9AI score
Exploits0
packetstormnews
packetstormnews
added 2026/03/21 12:0 a.m.18 views

T-MAP: Red-Teaming LLM Agents with Trajectory-Aware Evolutionary Search

While prior red-teaming efforts have focused on eliciting harmful text outputs from large language models LLMs, such approaches fail to capture agent-specific vulnerabilities that emerge through multi-step tool execution, particularly in rapidly growing ecosystems such as the Model Context Protoc...

6AI score
Exploits0
packetstormnews
packetstormnews
added 2026/01/14 12:0 a.m.5 views

The Promptware Kill Chain: How Prompt Injections Gradually Evolved into a Multi-Step Malware

Whitepaper called The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into A Multi-Step Malware...

6.9AI score
Exploits0
redhatcve
redhatcve
added 2026/01/09 9:29 a.m.8 views

CVE-2023-50832

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...

5.9CVSS6.5AI score0.00402EPSS
Exploits1References1
Rows per page
Query Builder