10980 matches found
EUVD-2026-39432
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
CVE-2026-42389
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...
CVE-2026-42389 Reject more queries with invalid header values
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...
EUVD-2026-39388
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...
CVE-2026-42389
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...
CVE-2026-42389
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers...
CVE-2026-42389
CVE-2026-42389 fixes an issue by adding extra hardening in the 5.4.x branch through enhanced validation of incoming answers from authoritative servers (no exploited details provided in the documents).
EUVD-2026-38826
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...
CVE-2026-12958
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...
CVE-2026-12957
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...
CVE-2026-12958 Arbitrary file write in Language Servers for AWS
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...
EUVD-2026-38489
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...
CVE-2026-12958
CVE-2026-12958 affects Language Servers for AWS due to missing symlink validation, allowing arbitrary file write outside the workspace trust boundary when a user opens a workspace containing a crafted symlink. The issue is reported across multiple sources (CVE entry, NVD, and related databases). ...
EUVD-2026-38488
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...
CVE-2026-12957 Arbitrary Code Execution in Language Servers for AWS
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...
CVE-2026-12957
Improper trust boundary enforcement in Language Servers for AWS before version 1.65.0 on all supported platforms may allow a for arbitrary code execution. If a local user opens a maliciously crafted workspace, any commands within the project configuration files may be automatically executed. This...
PT-2026-51547
Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.65.0 Description Improper trust boundary enforcement in the Model Context Protocol MCP server configurations within Amazon Q Developer allows for arbitrary code execution. If a local user opens a...
PT-2026-51548
Name of the Vulnerable Software and Affected Versions Language Servers for AWS versions prior to 1.69.0 Description Missing symlink validation may allow an arbitrary file write outside of the workspace trust boundary. This occurs when a local user opens a workspace containing a maliciously crafte...
CVE-2026-48746
vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...
Stop Your Legacy Infrastructure from Hijacking Your AI Agents
Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving faster than security...