Skip to content

Commit fd8d251

Browse files
committed
add: AVE-1999-0214
1 parent 94a0f72 commit fd8d251

2 files changed

Lines changed: 37 additions & 5 deletions

File tree

vulns/1999/AVE-1999-0214.toml

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -4,21 +4,21 @@ published = ""
44
remediation = "Refer to vendor advisory and upgrade to fixed version."
55
score = 0.0
66
severity = "UNKNOWN"
7-
sources = ["redhat"]
8-
title = "CVE-1999-0804 漏洞"
7+
sources = ["exploitdb"]
8+
title = "CVE-1999-0027 漏洞"
99
updated = ""
1010

1111
[exploit]
1212
exp_urls = []
1313
poc_urls = []
1414

1515
[id]
16-
aliases = ["CVE-1999-0804"]
16+
aliases = ["CVE-1999-0027"]
1717
ave_id = "AVE-1999-0214"
18-
cve_id = "CVE-1999-0804"
18+
cve_id = "CVE-1999-0027"
1919

2020
[meta]
21-
collected_at = "2026-07-11T00:12:04.667954695+00:00"
21+
collected_at = "2026-07-11T00:07:56.584880467+00:00"
2222
status = "completed"
2323

2424
[references]

vulns/2026/AVE-2026-0053.toml

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
[id]
2+
ave_id = "AVE-2026-0053"
3+
cve_id = "CVE-2026-49471"
4+
aliases = ["CVE-2026-49471", "GHSA-37h2-6p4f-mp3q"]
5+
6+
[basic]
7+
title = "Serena AI 编程助手 Web 面板未授权访问致远程代码执行漏洞"
8+
description = "Serena 是一款 AI 编程助手,其内置 Web 管理面板默认在固定端口(TCP 24282)启动 Flask API 服务,未实施任何身份认证、CSRF 防护或 Host 头验证。攻击者可通过 DNS 重绑定攻击绕过浏览器同源策略,向本地 API 发送恶意请求写入持久化记忆存储。结合默认启用的 execute_shell_command 函数(shell=True),可触发完整的远程代码执行链,完全控制受害者主机。"
9+
severity = "HIGH"
10+
score = 7.5
11+
remediation = "升级至 Serena 官方已修复版本;或在配置中设置 web_dashboard: false 禁用 Web 面板;或通过防火墙限制 127.0.0.1 仅有本地访问 24282 端口。"
12+
published = "2026-07-10"
13+
updated = "2026-07-10"
14+
sources = ["ghsa"]
15+
16+
[affected]
17+
vendor = "Serena"
18+
product = "Serena AI Coding Agent"
19+
20+
[exploit]
21+
poc_urls = ["https://github.com/user-attachments/files/27755382/verify_vuln.py"]
22+
exp_urls = []
23+
24+
[references]
25+
urls = [
26+
"https://nvd.nist.gov/vuln/detail/CVE-2026-49471",
27+
"https://github.com/advisories/GHSA-37h2-6p4f-mp3q"
28+
]
29+
30+
[meta]
31+
status = "completed"
32+
collected_at = "2026-07-10T12:52:47Z"

0 commit comments

Comments
 (0)