CVE-2026-48116

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

CVE-2026-48116 AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

CVE-2026-48116

AnythingLLM CVE-2026-48116: Prior to 1.13.0, the filesystem-search-files agent passes a user-controlled pattern to ripgrep as a positional argument without a -- end-of-options separator. ripgrep interprets arguments starting with - as options, so a pattern like --pre=/bin/sh can execute /bin/sh f...

Microsoft Graph Enterprise Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform enterprise intelligence collection. It supports authentication using Azure AD application credentials or an existing access token and enables enumeration of Azure users, SharePoint sites, OneDrive files, and Exchan...

CVE-2020-36882 Flexsense DiskBoss Application Crash Denial of Service

Flexsense DiskBoss 7.7.14 allows unauthenticated attackers to upload arbitrary files via /Command/Search Files/Directory field, leading to a denial of service by crashing the application...

EUVD-2025-19434

Malicious code in bioql PyPI...

PT-2025-27259

Name of the Vulnerable Software and Affected Versions: Roo Code versions prior to 3.20.3 Description: The issue concerns the Roo Code agent's search files tool, which did not respect the setting to disable reads outside of the VS Code workspace. This allowed an attacker who could inject a prompt...

DiskBoss 7.7.14 Local Buffer Overflow

Exploit Title: DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow PoC Vendor Homepage: https://www.diskboss.com/ Software Link Download: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Exploit Author: Paras Bhatia Discovery Date: 2020-04-01 Vulnerable...

PT-2008-5548 · Microsoft · Windows Server 2008 +3

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A remote code execution issue exists due to improper memory handling during the saving of a search file. This allows attackers to execute arbitrary code via a crafted...

Microsoft Windows Explorercode execution

Problem while parsing saved search files .search-ms...

CVE-2008-1435

Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search .search-ms files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."...