1089 matches found
ABB System 800xA, Symphony Plus IEC 61850
SUMMARY This vulnerability was privately reported relating to ABB’s implementation of the IEC 61850 communication stack for MMS client applications used in some Automation control system products. Note: IEC 61850 communication typically supports MMS and GOOSE protocols. Some ABB products support...
PraisonAI has critical RCE via `type: job` workflow YAML
praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...
CVE-2026-40021
Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.htmllayout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML 1.0...
UBUNTU-CVE-2026-40023
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
Server-side Request Forgery (SSRF)
Overview @frontmcp/adapters is an Adapters for the FrontMCP framework Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the initialize process. An attacker can access internal network resources or sensitive local files by submitting a crafted OpenAPI...
Malicious code in ssf-desktop-api-specification (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0b483f1c94deb76e7655d38cf4abdc31f984c39ed008ad293ea7614387704d3 The package ssf-desktop-api-specification was found to contain malicious code...
MAL-2026-1855 Malicious code in ssf-desktop-api-specification (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b0b483f1c94deb76e7655d38cf4abdc31f984c39ed008ad293ea7614387704d3 The package ssf-desktop-api-specification was found to contain malicious code...
Cross-site Scripting (XSS)
Vega is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the attachment of vega library and a vega.View instance to the global window, and the allowance of user-defined Vega JSON definitions, which can lead to arbitrary JavaScript code execution. An attacker can exploit this...
CVE-2026-31801 zot create-only policy allows overwrite attempts of existing latest tag (update permission not required)
zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...
CVE-2026-31801
zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...
PT-2026-24461
Name of the Vulnerable Software and Affected Versions zot versions 1.3.0 through 2.1.14 Description zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. The dist-spec authorization middleware incorrectly infers the required action for PUT...
Expired Pointer Dereference
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Improper Following of Specification by Caller
Overview @bsv/sdk is a BSV Blockchain Software Development Kit Affected versions of this package are vulnerable to Improper Following of Specification by Caller in the Peer class, used by the processInitialRequest and processInitialResponse methods. An attacker can cause a signature to be...
CVE-2026-1977
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualizedata. Such manipulation of the argument vegalitespecification leads to code injection. The...
CVE-2026-1977 isaacwasserman mcp-vegalite-server visualize_data eval code injection
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualizedata. Such manipulation of the argument vegalitespecification leads to code injection. The...
CVE-2026-1977
A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualizedata. Such manipulation of the argument vegalitespecification leads to code injection. The...
Data Visualization MCP Server 代码注入漏洞
The Data Visualization MCP Server is a context-based protocol server developed by Isaac Wasserman, designed for data visualization purposes. The Data Visualization MCP Server has a code injection vulnerability, which stems from incorrect handling of the vegalitespecification parameter, potentiall...
PT-2026-6671
Name of the Vulnerable Software and Affected Versions isaacwasserman mcp-vegalite-server versions prior to 16aefed598b8cd897b78e99b907f6e2984572c61 Description A security issue exists in the eval function of the visualize data component. Manipulation of the vegalite specification argument can lea...
CVE-2026-23060
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD assoclen8 to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, cryptoauthencesndecrypt can advance past the end of...
curl: MQTT Protocol Packet Injection via Unchecked CONNACK Remaining Length
I'm not sure if this is a vulnerability or intended behavior, but I noticed that curl MQTT implementation accepts CONNACK packets with Remaining Length values greater than 2, which appears to violate the MQTT v3.1.1 specification. According to the MQTT spec, CONNACK packets should have a Remainin...