Nanobot code issues and vulnerabilities

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.2.1 contained code vulnerabilities. These vulnerabilities stemmed from server-side request forgeing issues in the Microsoft Teams channel processing program. This could allow...

WordPress Hostel plugin <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability

Reflected Cross-Site Scripting via 'shortcodeid' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Hostel versions = 1.1.6...

TitanCA: Lessons from Orchestrating LLM Agents to Discover 100+ CVEs

Software vulnerabilities remain one of the most persistent threats to modern digital infrastructure. While static application security testing SAST tools have long served as the first line of defense, they suffer from high false-positive rates. This article presents TitanCA, a collaborative proje...

OpenHarness 安全漏洞

OpenHarness is a lightweight development and runtime framework for Data Intelligence Lab@HKU, open source in nature. There is a security vulnerability in OpenHarness; this vulnerability stems from incomplete path normalization in the permission checker, which may lead to access to sensitive files...

ChatGPT under scrutiny as Florida investigates campus shooting

Chatbots don't kill people. But they can help others do so. On April 9, Florida Attorney General James Uthmeier announced that his office is investigating OpenAI over the role ChatGPT might have played in a deadly shooting at Florida State University, saying: "Subpoenas are coming." The campus...

nanobot 安全漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.1.5 contained a security vulnerability; this vulnerability stemmed from the WebSocket server not verifying the Origin header, which could lead to cross-site WebSocket hijacking...

CampusConnect 安全漏洞

CampusConnect is a university social networking application developed by CampusConnect in Ireland. Versions of CampusConnect prior to 14.3.5 contained a security vulnerability due to the use of hard-coded encryption keys...

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

CVE-2026-1879

CVE-2026-1879 affects Harvard IQSS Dataverse (up to 6.8) in the Theme Customization component, specifically the ThemeAndWidgets.xhtml file. A manipulation of the argument uploadLogo enables unrestricted file upload, enabling remote exploitation. The exploit is public, and upgrading to version 6.1...

nanobot 安全漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.1.6 contained a security vulnerability. This vulnerability stemmed from an indirect prompt injection issue in the email channel processing module, which could allow remote...

CVE-2026-3982

A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit h...

CVE-2026-4474

A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsinglestudentupdate.php. This manipulation of the argument stname causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...

CVE-2026-4356

A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /addresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2026-3944

A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /attadd.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

EUVD-2026-13590

A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsinglestudentupdate.php. This manipulation of the argument stname causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...

CVE-2026-4474

A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsinglestudentupdate.php. This manipulation of the argument stname causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...

CVE-2026-4474

A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsinglestudentupdate.php. This manipulation of the argument stname causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...

CVE-2026-4474 itsourcecode University Management System admin_single_student_update.php cross site scripting

A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsinglestudentupdate.php. This manipulation of the argument stname causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...

CVE-2026-4474

The CVE-2026-4474 entry concerns itsourcecode University Management System 1.0. The vulnerability lies in the admin_single_student_update.php function, where manipulation of the st_name argument enables cross-site scripting (XSS). The attack can be initiated remotely and exploit code has been pub...

CVE-2026-4474 itsourcecode University Management System admin_single_student_update.php cross site scripting

A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsinglestudentupdate.php. This manipulation of the argument stname causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...