24 matches found
CVE-2026-8795
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...
CVE-2026-8795
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...
CVE-2026-8795
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...
CVE-2026-8795
The issue affects Rapid7 Velociraptor’s Windows.Collectors.Remapping artifact prior to version 0.76.6. In collection ZIPs, the hostname field from client_info.json is inserted into a YAML template via Go's text/template without escaping. An attacker supplying a crafted collection ZIP can use lite...
EUVD-2026-35289
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...
CVE-2026-8795
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...
CVE-2026-8795
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...
PT-2026-47541
A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...
nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml
internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...
PT-2026-47619
internal/configgen/generator.go:86,108,119 interpolates the operator-supplied ListenHost and TunDevice fields raw into a text/template that produces the agent's config.yml. internal/web/advanced.go:20-35 accepts both with only strings.TrimSpace — no character or shape validation. Exploit An...
PT-2026-46126
Name of the Vulnerable Software and Affected Versions jupyter enterprise gateway versions prior to 3.3.0 Description Unsafe Jinja2 template rendering allows for Kubernetes manifest injection. The server interpolates untrusted environment variables such as KERNEL XXX into Kubernetes manifests...
BentoML 安全漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.39 contained a security vulnerability. This vulnerability stemmed from the lack of escaping f...
Astra Linux – Vulnerability in Ruby 2.5
A issue was discovered in RDoc versions 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resulting remote code execution are possible because there are no restrictions on the classes that c...
CVE-2026-27598
Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...
MiracleLinux 8 : ruby:3.1 (AXSA:2024-8503:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8503:01 advisory. ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 ruby: Buffer overread vulnerability in StringIO CVE-2024-27280 ruby: Arbitrary memo...
vulnerable-python-poc-exploit
Отчет по анализу уязвимостей Python приложения vulnerable...
DEBIAN-CVE-2024-27281
An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...
SUSE CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
CVE-2022-29215
CVE-2022-29215 affects the RegionProtect plugin. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash when passed arguments do not match. Version 1.1.0 includes a patch for this issue. As a workaround, restrict operator permissions to untrusted use...
CVE-2022-29215 Argument Injection in RegionProtect
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a...