178 matches found
The Red Agent POV: How it Reasoned its Way to SSRF
Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on a GCP Cloud Run API...
CVE-2026-41645
A flaw was found in Nuclei, a vulnerability scanner. A malicious target server can inject and execute supported DSL Domain Specific Language expressions within Nuclei's expression evaluation engine. This occurs when HTTP response data containing helper/function syntax is reused by multi-step...
OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing
Tool-calling text-to-image T2I agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...
WordPress Contact Form 7 Multi-Step Forms plugin <= 4.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form 7 Multi-Step Forms versions = 4.4.1...
CVE-2026-41282
A flaw was found in ProjectDiscovery Nuclei. This vulnerability allows for DSL Domain Specific Language expression injection when using environment variables for multi-step templates against untrusted targets. An attacker could exploit this by crafting malicious input, potentially leading to...
EUVD-2026-23795
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
Summary: CVE-2026-41282 affects ProjectDiscovery Nuclei prior to 3.8.0, where DSL expression injection is possible when using -env-vars for multi-step templates against untrusted targets configured non-defaultly. The Red Hat advisory describes a flaw enabling DSL injection that could lead to unau...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
PT-2026-33724
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
Nuclei 安全漏洞
Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have security vulnerabilities, which stem from DSL expression injection and may affect the use of multi-step templates...
poc-studio-public
Nuclei Offline GUI This is a pure offline desktop prototype,...
T-MAP: Red-Teaming LLM Agents with Trajectory-Aware Evolutionary Search
While prior red-teaming efforts have focused on eliciting harmful text outputs from large language models LLMs, such approaches fail to capture agent-specific vulnerabilities that emerge through multi-step tool execution, particularly in rapidly growing ecosystems such as the Model Context Protoc...
The Promptware Kill Chain: How Prompt Injections Gradually Evolved into a Multi-Step Malware
Whitepaper called The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into A Multi-Step Malware...
CVE-2023-50832
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...