Zpbrent

picklescan before 1.0.3 contains a scanning bypass vulnerability in the scan pytorch function that allows attackers to embed malicious magic numbers via dynamic eval using the reduce trick. Attackers can craft malicious PyTorch payloads that evade picklescan detection while remaining executable, enabling arbitrary code execution when loaded with torch.load().

**Name of the Vulnerable Software and Affected Versions** ZeptoClaw versions prior to 0.7.6 **Description** ZeptoClaw, a personal AI assistant, is affected by multiple security issues related to workspace boundary enforcement. These include a Dangling Symlink Component Bypass, a Time-of-Check-to-Time-of-Use (TOCTOU) race condition between validation and use, and a Hardlink Alias Bypass. The Dangling Symlink Component Bypass occurs because path validation may fail to detect unresolved symlink components during traversal checks, potentially allowing operations to escape workspace boundaries. The TOCTOU vulnerability arises from a time gap between path validation and subsequent filesystem operations, where a concurrent filesystem change could swap path components after validation, leading to a race-based workspace escape. The Hardlink Alias Bypass allows a file within the workspace to be a hardlink to an inode outside the trusted boundary, potentially enabling unauthorized access to external content through a seemingly in-scope path. These issues could lead to unauthorized cross-path boundary access. Proof-of-concept exploits demonstrate how to create dangling symlinks, manipulate paths during the validation-to-use window, and leverage hardlinks to bypass security checks. **Recommendations** Versions prior to 0.7.6 should be updated to version 0.7.6 to address these vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** ZeptoClaw versions prior to 0.7.6 **Description** ZeptoClaw is a personal AI assistant. The generic webhook channel trusts identity fields (`sender`, `chat id`) provided in the request body without proper validation, and applies authorization checks to these untrusted values. Because authentication is optional and defaults to disabled (`auth token: None`), an attacker who can reach the `POST /webhook` endpoint can spoof an allowlisted sender and choose arbitrary `chat id` values. This enables high-risk message spoofing and potential IDOR-style session/chat routing abuse. The vulnerability stems from the system treating user-provided JSON identity as authoritative identity, and the lack of verification of sender authenticity beyond the payload value. The `chat id` is also attacker-controlled, allowing manipulation of routing and session association. **Recommendations** Versions prior to 0.7.6 should be updated to version 0.7.6 or later.

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description The Feishu extension allowed the `sendMediaFeishu` function to interpret attacker-controlled `mediaUrl` values as local filesystem paths, enabling direct file reading. An attacker influencing tool calls, potentially through prompt injection, could exfiltrate local files by providing paths like `/etc/passwd` as the `mediaUrl`. The fix removes direct local file reads and uses hardened helpers with local-root restrictions for media loading. Recommendations Upgrade to OpenClaw version 2026.2.14 or newer.

**Name of the Vulnerable Software and Affected Versions** NVIDIA NeMo Framework (affected versions not specified) **Description** The issue is related to improper control of code generation, which could be exploited through remote code execution. A successful exploit might lead to code execution and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TorchGeo (affected versions not specified) Description: The issue is related to incorrect code generation management in the TorchGeo library, which handles geospatial data. This can allow a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Command Line Integration (CLI) (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the Azure Command Line Integration (CLI). It is associated with a failure to properly clean up data at the management level. Exploitation of this issue could allow a remote attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Quotes and Tips by BestWebSoft WordPress plugin versions prior to 1.45 **Description** The issue concerns the improper validation of image files uploaded by high privilege users, such as admins, allowing them to upload arbitrary files on the server, even in cases where they should not be allowed to, like in multisite setups. **Recommendations** For versions prior to 1.45, update to version 1.45 or later to resolve the issue. As a temporary workaround, consider restricting the upload capabilities of high privilege users to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NocoDB versions prior to 0.202.9 **Description** A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The `nc-gui/components/virtual-cell/Formula.vue` displays a `v-html` tag with the value of `urls` whose contents are processed by the function `replaceUrlsWithLink()`. This function recognizes the pattern `URI::(XXX)` and creates a hyperlink tag `<a>` with `href=XXX`. However, it leaves all the other contents outside of the pattern `URI::(XXX)` unchanged. This allows attackers to create a malicious table with a formula field whose payload is `<img src=1 onerror="malicious javascripts"URI::(XXX)`. The attackers can then share this table with others by enabling public viewing, and the victims who open the shared link can be attacked. The vulnerability can be exploited to steal the credentials of NocoDB users who click the malicious link. **Recommendations** For NocoDB versions prior to 0.202.9, update to version 0.202.9 or later to fix the stored cross-site scripting vulnerability. As a temporary workaround, consider disabling the `replaceUrlsWithLink()` function or restricting access to the Formula virtual cell comments functionality until a patch is available. Avoid using the `urls` value in the `v-html` tag until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a nullptr dereference in the `paddle.crop` function, which can cause a runtime crash and a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.crop` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PaddlePaddle versions prior to 2.6.0 **Description** The issue is related to a flaw in `paddle.argmin` and `paddle.argmax` that can cause a runtime crash and a denial of service. This flaw can lead to a denial of service. **Recommendations** For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the `paddle.argmin` and `paddle.argmax` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** jsgui-lang-essentials (affected versions not specified) **Description** The issue allows alteration of all Object attributes, including magical attributes such as `proto`, `constructor`, and `prototype`, leading to Prototype Pollution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Masuit.Tools.Core versions all **Description** The issue concerns Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. This occurs because the socket client transmission lacks appropriate restrictions or type bindings for the BinaryFormatter, allowing a payload to be passed via user-controllable input after the connection is established. **Recommendations** For all versions, consider disabling the ReceiveVarData<T> function in the SocketClient.cs component as a temporary workaround until a patch is available. Restrict access to the SocketClient.cs component to minimize the risk of exploitation. Avoid using the BinaryFormatter without proper restrictions or type bindings in the affected component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SinGooCMS.Utility (affected versions not specified) **Description** The issue concerns the socket client in the SinGooCMS.Utility package, which lacks appropriate restrictions or type bindings for the BinaryFormatter. This allows user-controllable input to pass in the payload after the socket client has been established. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** swiper versions prior to 6.5.1 **Description** The issue affects the package swiper, making versions prior to 6.5.1 susceptible to prototype pollution. **Recommendations** For versions prior to 6.5.1, update to version 6.5.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: copy-props versions prior to 2.0.5 Description: The issue concerns Prototype Pollution via the main functionality of the copy-props package. Recommendations: For versions prior to 2.0.5, update to version 2.0.5 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: react-dev-utils versions prior to 11.0.4 Description: The issue concerns a function, `getProcessForPort`, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts in Create React App projects, where the usage is safe. However, when this function is manually invoked with user-provided values, there is the potential for command injection. If the function is consumed from react-scripts, this issue does not affect the user. Recommendations: For react-dev-utils versions prior to 11.0.4, as a temporary workaround, consider avoiding manual invocation of the `getProcessForPort` function with user-provided values until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpipam/phpipam versions prior to 1.5.2 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input and later displays it without proper validation, allowing an attacker to inject malicious scripts. This can lead to unauthorized actions on behalf of the user. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting user input validation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpipam versions prior to 1.5.2 **Description** The issue is related to a lack of protection against SQL query structure manipulation in the app/admin/custom-fields/edit-result.php script of the phpipam web application for IP address management. This is due to the handling of user fields with parameters such as `fieldType=set` and `fieldSize='1'`. The exploitation of this issue may allow a remote attacker to execute arbitrary SQL commands. **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `edit-result.php` script in the `app/admin/custom-fields` directory until a patch is applied. Avoid using the `fieldType` and `fieldSize` parameters in the affected script until the issue is resolved.