3355 matches found
PraisonAI 安全漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.90 contained security vulnerabilities. These vulnerabilities stemmed from the MCPToolIndex.searchtools function directly compiling the string provided by the caller into...
OpenPrinting CUPS 安全漏洞
OpenPrinting CUPS is an open-source printing system developed by OpenPrinting Inc., suitable for Linux® and other Unix®-based operating systems. OpenPrinting CUPS versions 2.4.16 and earlier contain security vulnerabilities. These vulnerabilities stem from a heap-based buffer overflow vulnerabili...
CVE-2026-34593
Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...
openssl-encrypt's readiness endpoint leaks database error details to unauthenticated callers
Summary The /ready endpoint in opensslencryptserver/server.py at lines 159-175 catches database errors and returns the full exception string in the response. Affected Code python except Exception as e: return "status": "notready", "reason": stre Impact Database exception messages can leak: -...
CVE-2026-23403
A flaw was found in AppArmor within the Linux kernel. This vulnerability, located in the verifyheader function, causes a memory leak by incorrectly handling namespace strings when multiple security profiles are processed. This can lead to a gradual depletion of system memory, potentially impactin...
Directory Traversal
Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Directory Traversal due to unsanitized version strings in versioned dataset path construction. The AbstractVersionedDataset.getversionedpath logic used durin...
Medium: rust-cargo-c
Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availabilit...
CVE-2026-21717
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...
CVE-2026-34400
Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...
Apple macOS Integer Overflow Vulnerability
Apple macOS is a specialized operating system developed by Apple for Mac computers. An integer overflow vulnerability exists in Apple macOS, which can be exploited by an attacker to cause heap corruption when processing malicious strings...
PT-2026-36445
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter x tables component where names are not properly null-terminated. This occurs when names lacking a 0 character are passed to functions expecting C-strings...
EUVD-2026-17182
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
binary-exploitation-writeups
Binary Exploitation Writeups A collection of pwn challenges c...
CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
UBUNTU-CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
CVE-2026-21717
CVE-2026-21717 affects multiple Node.js releases (nodejs20, nodejs22, nodejs24, nodejs25) with the root cause in V8 string hashing causing integer-like strings to hash to their numeric value, enabling hash collisions that can degrade Node.js process performance. Public details show nodejs24 is af...
CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...
CVE-2026-21717
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...