3 matches found
CVE-2026-6819
HKUDS OpenHarness prior to PR 156 remediation exposes plugin lifecycle commands including /plugin install, /plugin enable, /plugin disable, and /reload-plugins to remote senders by default. Attackers who gain access through the channel layer can remotely manage plugin trust and activation state,...
OpenHarness 安全漏洞
OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU. Versions prior to OpenHarness PR 156 contained security vulnerabilities. These vulnerabilities stemmed from the default exposure of plugin lifecycle commands, which could allow attackers to remotely mana...
Arbitrary command execution on Windows
Description Opening files from an untrusted directory can lead to execution of arbitrary commands on Windows systems, this is possible by having a malicious file with the same name as a trusted executable, Windows gives priority to the current directory when searching for executables. Several...