CVE-2026-10214

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

CVE-2026-10214

The CVE affects zhayujie chatgpt-on-wechat Bash Tool (up to 2.0.8). The vulnerability is in agent/tools/bash/bash.py, _get_safety_warning, enabling os command injection via manipulated input and allowing remote exploitation. Exploit code is public (PoC), with the patch in version 2.0.9 (commit 16...

CVE-2026-10214 zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

CVE-2026-10214 zhayujie chatgpt-on-wechat Bash Tool bash.py _get_safety_warning os command injection

A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function getsafetywarning of the file agent/tools/bash/bash.py of the component Bash Tool. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit h...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005613)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005613 advisory. In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel assumes vmbus...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990395)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990395 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5adddisks There's a KASAN warning in raid5adddisk when running...

Vulnerability in San Francisco’s Public Safety Warning Sirens Fixed

Public emergency alert sirens, designed to both warn the masses of a crisis and direct them to safety, can be compromised by attackers who can take control of the system to broadcast false alarms. That is the conclusion of researchers at radio security firm Bastille, who released details of its...

Safety warning: PHP zip component integer overflow remote command execution-vulnerability warning-the black bar safety net

A, detailed description: In PHP 7 is due. x versions, which php Vulnerability report at 3. 2 9 has been submitted to the vulnerability to official ! 4. 2 8, official released 7. 0. 6 version fixes the vulnerability, while the author in github released the exp ! Second, the problem of proof: !...

Analysis WordPress a js Backdoor-vulnerability warning-the black bar safety net

We were recently in a lot of WordPress sites to find a for a collection the administrator login credentials for the backdoor, the injured site is to insert a concealment code, when an administrator logs on, the code is triggered, the Administrator's login credentials are encrypted by the GET...

On elasticsearch1. 4. 3 The following version of the security vulnerabilities in the attack process reproducibility-vulnerability warning-the black bar safety net

elasticsearch1. 4. 3 The following are a few version you can execute groovy scripts, this is after the use can directly call the Windows cmd command and linux shell. Online there are some articles, but writing is not enough ground gas, and here I reproduce this vulnerability during the attack,...

Android new attack: Google Voice Search attack-vulnerability warning-the black bar safety net

Chinese University of Hong Kong researchers in the Preprint posted on the website of paper PDF, describes a novel permission to bypass attack method: Google Voice Search attack. An attacker can leverage a zero-permissions Android app VoicEmployer, front activationoperating system built-in voice...

Alog CMS system XSS arbitrary File Download read vulnerability-vulnerability warning-the black bar safety net

| Alog CMS Background any download any remove any of the columns of the directory 漏洞 文件 :admin/mod/uploadfile.mod.php $baseDir = SITEROOT.'static/upload/'; $currentDir = $GET'dir' ? $GET'dir' : $POST'dir' ? $POST'dir' : "; //without any filter $currentPath = $baseDir.$ currentDir; Any download...

dedecms 5.7 a word the back door using the exp-bug warning-the black bar safety net

author: a dance of the forest tx Twitter: http://t.qq.com/wulinlw Night to see this http://www.wooyun.org/bug.php?action=view&id=5 4 1 6 shopcar.class.php is implanted in the word @evalfilegetcontents'php://input'; Go to the official website under the set back, look at the following code,...

Webmaster content Alliance background Cookie spoofing exploit-vulnerability warning-the black bar safety net

Webmaster content Alliance is domestic the most widely used of a thief program, but its background verification is not strictly, by the cookie trick, you can bypass the authentication directly into the background, get a webshell in. Website content Alliance, presumably most webmasters are aware o...

DedeCms v5. 6 embed malicious code execution vulnerabilities and fixes-vulnerability warning-the black bar safety net

Published:2011-03-02 Affected version: DedeCms v5. 6 vulnerability description: In the upload software of the Local, the local address not be effectively verified, it can be maliciously used reference toby57 Test method: Registered members, upload software: the local address filled in...

Image upload formula deceptive vulnerability tutorials-vulnerability warning-the black bar safety net

For the reader: the script to attack the lovers, ASP programmer Pre-knowledge: none Image upload formula spoofing attacks Wen/ Yan into the This vulnerability applies to all only check the uploaded file format of the program, put the images into HTML code, after uploading the executable to do the...

A minute crack linux fedora5 password to modify version-bug warning-the black bar safety net

Figure 1 Figure 2 See Figure 3. The interface should be somewhat strange! Now we enter a single command / 1 Remember: enter the“slash”after press the“space”in the input 1, then press the“ENTER key” The input command is a carriage return, it will return as “Figure 2”of the interface! Then press th...

Crack X-file lock-bug warning-the black bar safety net

Listen to a friend description great all day following this company has the safety zoom, Phantom of the background, technical strength is good, so go to their forums saunter a turn, found a X-file lock, looks like a good look, try the next, uh, really good, 1 min less than it is I crack up...... ...

Perform file encryption FLASH file decryption method-vulnerability warning-the black bar safety net

Tools: OD Lordpe 1 6 hexadecimal editor Program: 多彩的夏天.exe Purpose: from the EXE file in the export the SWF, then you can be decompile and modify the operation Description: in order to study the need and the process. Disrespectful, please you understanding. 1, OD import program. Stop here 004B556...

Mozilla Firefox <= 1.5.0.4 (marquee) Denial of Service Exploit-vulnerability warning-the black bar safety net

html head titleCredit's go to n00b/title meta http-equiv="Content-Type" content="text/html; charset=iso-8 8 5 9-1" /head body marqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarqueemarquee...