GHSA-67Q9-58VJ-32QX WeKnora Vulnerable to Tool Execution Hijacking via Ambigous Naming Convention In MCP client and Indirect Prompt Injection

Summary A vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client mcpservicetool, an attacker can register a malicious tool that overwrites a legitimate...

PT-2026-23799

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.3.0 Description WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, is susceptible to a vulnerability involving tool name collision and indirect prompt injection. A malicious...

CVE-2024-8785 WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...

CVE-2024-8785 WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability

In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEYLOCALMACHINE\SOFTWARE\WOW6432Node\Ipswitch...

WinRAR Settings Import Command Execution

!/usr/bin/python -w Title : WinRar Settings Import Command Execution Date : 02/10/2015 Author : R-73eN Tested on : Windows 7 Ultimate Vulnerable Versions : Winrar 5.30 beta 4 The vulnerability exists in the "Import Settings From File" function. Since Settings file of Winrar are saved as a registr...