176 matches found
CVE-2026-41645
A flaw was found in Nuclei, a vulnerability scanner. A malicious target server can inject and execute supported DSL Domain Specific Language expressions within Nuclei's expression evaluation engine. This occurs when HTTP response data containing helper/function syntax is reused by multi-step...
OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing
Tool-calling text-to-image T2I agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...
WordPress Contact Form 7 Multi-Step Forms plugin <= 4.4.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Contact Form 7 Multi-Step Forms versions = 4.4.1...
CVE-2026-41282
A flaw was found in ProjectDiscovery Nuclei. This vulnerability allows for DSL Domain Specific Language expression injection when using environment variables for multi-step templates against untrusted targets. An attacker could exploit this by crafting malicious input, potentially leading to...
EUVD-2026-23795
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
Summary: CVE-2026-41282 affects ProjectDiscovery Nuclei prior to 3.8.0, where DSL expression injection is possible when using -env-vars for multi-step templates against untrusted targets configured non-defaultly. The Red Hat advisory describes a flaw enabling DSL injection that could lead to unau...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
CVE-2026-41282
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
Nuclei 安全漏洞
Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei prior to 3.8.0 have security vulnerabilities, which stem from DSL expression injection and may affect the use of multi-step templates...
PT-2026-33724
ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets not the default configuration...
poc-studio-public
Nuclei Offline GUI This is a pure offline desktop prototype,...
T-MAP: Red-Teaming LLM Agents with Trajectory-Aware Evolutionary Search
While prior red-teaming efforts have focused on eliciting harmful text outputs from large language models LLMs, such approaches fail to capture agent-specific vulnerabilities that emerge through multi-step tool execution, particularly in rapidly growing ecosystems such as the Model Context Protoc...
The Promptware Kill Chain: How Prompt Injections Gradually Evolved into a Multi-Step Malware
Whitepaper called The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into A Multi-Step Malware...
CVE-2023-50832
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mondula GmbH Multi Step Form allows Stored XSS.This issue affects Multi Step Form: from n/a through 1.7.13...
Jailbreaking Large Language Models through Iterative Tool-Disguised Attacks Via Reinforcement Learning
Large language models LLMs have demonstrated remarkable capabilities across diverse applications, however, they remain critically vulnerable to jailbreak attacks that elicit harmful responses violating human values and safety guidelines. Despite extensive research on defense mechanisms, existing...
WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by benzdeus in WordPress Plugin Multi-Step Checkout for WooCommerce versions = 2.33...