CVE-2026-45374 CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the taskcreate tool spawns durable sub-agents that inherit two insecure defaults, allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue and autoapprove defaults to true taskmanager.rs:297: autoapprove:...

EUVD-2020-22460

Malware in sbrugna...

CVE-2025-24315

Unauthenticated attackers can add devices of other users to their scenes or arbitrary scenes of other arbitrary users...

CVE-2024-11720 Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated...

CVE-2022-36452

A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application...