418 matches found
CVE-2026-55477
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
CVE-2026-55477 Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
CVE-2026-55477
3X-UI before version 3.3.1 is affected. An authenticated administrator can abuse the database import functionality to write arbitrary files on the host by altering Xray configuration values stored in the database, enabling code execution and persistent access as the Xray process user (including r...
EUVD-2026-39432
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
poc_regex
pocregex pocregex: Extract th...
CVE-2026-41173
The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from AWS X-Ray. Prior to 0.1.0-alpha.8, OpenTelemetry.Sampler.AWS reads unbounded HTTP response bodies from a configured AWS X-Ray remote sampling endpoint into memory. AWSXRaySamplerClient.DoRequestAsyn...
CVE-2026-41173
OpenTelemetry.Sampler.AWS is affected by an unbounded HTTP response body read in the AWS X-Ray remote sampler prior to 0.1.0-alpha.8. The AWSXRaySamplerClient.DoRequestAsync call reads the entire HTTP response into memory (ReadAsStringAsync) without size limits, enabling an attacker controlling o...
PT-2026-34721
Name of the Vulnerable Software and Affected Versions OpenTelemetry.Sampler.AWS versions prior to 0.1.0-alpha.8 OpenTelemetry.Resources.AWS versions prior to 1.15.1 Description OpenTelemetry.Sampler.AWS and OpenTelemetry.Resources.AWS read unbounded HTTP response bodies from configured endpoints...
xray-poc-converter
Xray POC Converter Skill This skill converts POC content from...
MINI-8XRF-96XW-WW2F
Bulletin has no description...
CVE-2026-24874
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...
CVE-2026-24874
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...
CVE-2026-24874
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...
CVE-2026-24874 Type confusion in xray-monolith
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...
CVE-2026-24874 Type confusion in xray-monolith
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...
CVE-2026-24874
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...
EUVD-2026-4810
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...
CVE-2026-24874
CVE-2026-24874 describes a Type Confusion vulnerability in the “xray-monolith” project (affected version range: before 2025.12.30). The CVE is rated CRITICAL (CVSS 3.1: 9.1) with Network attack vector, no user interaction, and impact to confidentiality and integrity (both HIGH). Root cause identi...
PT-2026-4963
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in themrdemonized xray-monolith.This issue affects xray-monolith: before 2025.12.30...
Malicious code in ctosec-appsec-wb-xray-adapters (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 71bd5cbfd64c9f4eec926fb0345f7a31ed5a012dfcf6182a0a550c2d3ad93240 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...