CVE-2026-54149: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in 1Panel-dev MaxKB
MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in…
Read the full articleYou might also wanna read

WAF - WAF Release - 2026-04-07
This week's release introduces new detections for a critical Remote Code Execution (RCE) vulnerability in MCP Server (CVE-2026-23744), along

WAF - WAF Release - 2025-10-06
This week’s highlights prioritise an emergency Oracle E-Business Suite RCE rule deployed to block active, high-impact exploitation. Also add
Critical Pre-Auth RCE Vulnerability (CVE-2026-8037) Discovered in Progress Kemp LoadMaster — CVSS 9.8
Critical Progress Kemp LoadMaster Vulnerability Enables Pre-Auth Remote Code Execution – Patch Now Before Attackers Do + Video - "Undercode
undercodetesting.com·9d ago
WAF - WAF Release - 2026-04-21
This week's release introduces a new detection for a Remote Code Execution (RCE) vulnerability in Apache ActiveMQ (CVE-2026-34197) and an up
CVE-2026-8037: Critical Unauthenticated RCE in Progress Kemp LoadMaster Actively Exploited
CVE-2026-8037: Unauthenticated RCE in Progress Kemp LoadMaster – Patch Now or Get Pwned + Video - "Undercode Testing": Monitor hackers like
undercodetesting.com·6d agoThreat actors exploit Model Context Protocol to poison AI agents in enterprise deployments
Threat actors are abusing the Model Context Protocol (MCP) to poison AI agents, exploit rug pulls, and trigger STDIO command injection acros
hendryadrian.com·20d agoThreat actors exploit Model Context Protocol to poison AI agents in enterprise deployments
Threat actors are abusing the Model Context Protocol (MCP) to poison AI agents, exploit rug pulls, and trigger STDIO command injection acros
hendryadrian.com·20d ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.