106040 matches found
Kompany MCP Server 命令注入漏洞
Kompany MCP Server is a collaboration tool for Eyal Individual Developers that connects an AI assistant to a task management platform. Kompany MCP Server suffers from a command injection vulnerability that stems from the incorrect manipulation of the parameter devscript in the file...
CVE-2026-3346
IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Exploit for CVE-2026-31431
CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script Dete...
Exploit for CVE-2026-41940
cpanel-cve-2026-41940-fix One-shot detection and remediatio...
CVE-2026-36761
A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...
Exploit for CVE-2026-31431
CVE-2026-31431 - Script de Verificacao e Mitigacao Este repos...
Exploit for CVE-2026-31431
CVE-2026-31431 Copy Fail Checker Verifica si un host Linux...
Exploit for CVE-2026-31431
Copy Fail - CVE-2026-31431 Detector and Mitigator !Bashhtt...
Exploit for CVE-2026-31431
CVE-2026-31431-exploitpy2py3 A script...
CVE-2026-42511
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...
CVE-2026-42511
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...
CVE-2026-42511 Remote code execution via malicious DHCP options
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...
CVE-2026-42511 Remote code execution via malicious DHCP options
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...
EUVD-2026-26350
The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...
Cross-site Scripting (XSS)
Overview com.coravy.hudson.plugins.github:github is a Jenkins GitHub plugin Affected versions of this package are vulnerable to Cross-site Scripting XSS via JavaScript validation logic for the “GitHub hook trigger for GITScm polling” feature. An attacker can execute arbitrary JavaScript code by...
Use of Password Hash Instead of Password for Authentication
Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Use of Password Hash Instead of Password for Authentication through the...
Exploit for CVE-2026-31431
This script is entirely genera...
CVE-2026-7447
SourceCodester Pet Grooming Management Software 1.0 contains a SQL injection in /admin/update_customer.php due to improper validation of parameter types/length/business rules. The flaw is exploitable remotely, with the exploit reportedly published. Affected software/component: SourceCodester Pet ...
exploit-db-skill
Exploit-DB Skill Cross-Platform Small cross-platform helper...
GHSA-537J-GQPC-P7FQ n8n Vulnerable to XSS via MCP OAuth client
Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...