265335 matches found
CVE-2026-55615
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
CVE-2026-55615 Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
CVE-2026-55615
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt...
Malicious code in pxpure8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a40ae433e9fa90bfbb449d343c281375329a44c0dacf080a91a0c1717579b679 The package's main entry pure.js consists of a single behavior: it creates a element pointing at https://cdn.jsdelivr.net/npm/px8my/px.js no version...
Malicious code in validator-string (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41a95b09ecd097cf7db1496950d26195169adb7ad2d8065a3458771389094be4 Package name validator-string impersonates the widely-used npm package validator and copies its README, homepage, and API surface. package.json...
cpm-poc-sdwebui-ext
cpm-poc-sdwebui-ext Research artifact — JHU EN.601.441/641 CP...
CVE-2026-57032
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
CVE-2026-57019
An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...
CVE-2026-58144 Cotonti Siena 0.9.26 Stored XSS via PFS Module ntitle Parameter
Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...
CVE-2026-57032 Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
CVE-2026-57032
CVE-2026-57032 describes an improper handling of undefined parameters in the packet forwarding engine (pfe) of Juniper Networks Junos OS on EX Series devices. When attempting to subscribe to an unsupported telemetry sensor path on EX2300, EX3400, EX4000, EX4100, and EX4400 via gRPC, the Front Pan...
CVE-2026-57032
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
EUVD-2026-42723
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...
Exploit for CVE-2026-12400
CVE-2026-12400 — FlowForms IDOR: Unauthorized Form Modificatio...
CVE-2026-57019 Junos OS: MX Series: Specific traffic causes an FPC to reset
An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...
CVE-2026-57019
CVE-2026-57019 affects Junos OS on MX Series. An issue in the Packet Forwarding Engine (pfe) due to improper validation of a specified quantity in input can allow an unauthenticated adjacent attacker to cause a Denial-of-Service by triggering an FPC major error and a reset, impacting traffic unti...
CVE-2026-57019
An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...
EUVD-2026-42706
An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...
YesWiki Vulnerable to Authenticated PHP Object Injection in BazarImportAction via unserialize
Details Sink tools/bazar/services/CSVManager.php line 372-399: public function importEntryarray $importedEntries, string $formId: ?array if !$this-importdone // ... foreach $importedEntries as $entry $entry = unserializebase64decode$entry; // false argument; arbitrary classes are instantiated. Th...