878 matches found
com.mchange/mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects
A flaw was found in mchange-commons-java, a Java utility library. An attacker can exploit this vulnerability by providing a maliciously crafted javax.naming.Reference or serialized object to an application using the library. This can provoke the application to download and execute arbitrary...
openSUSE 15 Security Update : c3p0 and mchange-commons (SUSE-SU-2026:0855-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0855-1 advisory. c3p0: - Security issues fixed: - CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 - Fix the null pointer exception in the...
EUVD-2026-10647
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network...
GO-2026-4638 WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora
WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection in github.com/Tencent/WeKnora...
CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability
...
CVE-2026-24283 Multiple UNC Provider Kernel Driver Elevation of Privilege Vulnerability
...
Vertex AI Experiments Bucket Squatting Defensive Scanner
The Vertex AI Bucket Squatting Defensive Scanner is a security assessment tool designed to detect potential Google Cloud Storage bucket hijacking risks related to predictable naming patterns in Vertex AI experiment workflows. Instead of exploiting the vulnerability, this defensive version perform...
📄 Vertex AI Experiments 1.132.x Predictable Bucket Naming
A vulnerability identified as CVE-2026-2473 affected Google Cloud Vertex AI, specifically the Vertex AI Experiments component, in versions 1.21.0 through 1.132.x fixed in 1.133.0 and later. The issue stemmed from predictable Cloud Storage bucket naming patterns, enabling a class of attack known a...
CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...
CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...
CVE-2026-30856 WeKnora: Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...
WordPress,WordPress plugin 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin The Qlean 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Alchemists 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Vixus 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Equadio 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress plugin Marra 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
CVE-2026-27830
A flaw was found in c3p0, a Java Database Connectivity JDBC Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or javax.naming.Reference instances. By manipulating the userOverridesAsString...
CVE-2026-27615
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...
CVE-2026-27830
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...