382 matches found
CVE-2026-14784
A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...
CVE-2026-13543
Documenso (up to v2.11.0) is affected by a vulnerability in the Google OAuth Login flow. The issue resides in the file packages/auth/server/lib/utils/handle-oauth-callback-url.ts and is triggered by manipulation of the OAuth callback URL, leading to improper authentication. The flaw can be exploi...
UBUNTU-CVE-2026-53319
In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...
CVE-2026-56696
OpenHarness /issue and /prcomments slash commands lack remoteinvocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/prcomments....
MINI-W329-PR28-V44X
Bulletin has no description...
EUVD-2026-34253
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...
CVE-2026-10807 mjperpinosa stumasy change_profile_image.php unrestricted upload
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/changeprofileimage.php. Executing a manipulation of the argument prprofileimage can lead to unrestricted upload. The attack may be launched remotely. The...
CVE-2026-10565 Open5GS NGAP Handover gmm-sm.c gmm_state_security_mode race condition
A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...
CVE-2026-44723
CVE-2026-44723 affects Vowpal Wabbit. The issue arises in the GitHub workflow .github/workflows/python_checks.yml where the PR title ({{ github.event.pull_request.title }}) is directly embedded inside double-quoted bash strings in four steps across four jobs, passing it as a CLI argument to run_t...
PT-2026-43379
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-4646
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate user-supplied input in API request handlers which allows an authenticated attacker to crash the plugin process via a crafted HTTP request to the PR details endpoint.. Mattermost Advisory ID:...
PT-2026-42748
Name of the Vulnerable Software and Affected Versions Mattermost version 11.6.0 Mattermost version 11.5.3 Mattermost version 11.4.4 Mattermost version 10.11.14 Description Insufficient input validation in the GitHub plugin API request handlers allows an authenticated attacker to cause a denial of...
EUVD-2026-30714
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8767 vercel ai PR Branch Name Interpolation prettier-on-automerge.yml run os command injection
A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manipulation leads to os command injection. The attack can be initiated remotely. The complexity of an...
CVE-2026-8767
CVE-2026-8767 affects vercel ai up to version 3.0.97. The issue lies in the run function of .github/workflows/prettier-on-automerge.yml within the PR Branch Name Interpolation component, enabling an OS command injection. Attacks can be remote, with high attack complexity and exploitability deemed...
AI SDK 命令注入漏洞
AI SDK is a TypeScript AI toolkit open-sourced by Vercel. Versions of AI SDK 3.0.97 and earlier have a command injection vulnerability. This vulnerability stems from the run function in the PR Branch Name Interpolation component, where operating system commands can be injected, potentially allowi...
CVE-2026-45321 Malware in 42 @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...
PT-2026-39905
Name of the Vulnerable Software and Affected Versions @tanstack/ packages affected versions not specified Description An attacker published 84 malicious versions across 42 @tanstack/ packages to the npm registry. The attack was executed by chaining three vulnerability classes: a pull request targ...
OESA-2026-2239 pdfbox security update
Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...
Linux Distros Unpatched Vulnerability : CVE-2026-41414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork co...