This page collects WhisperX intelligence signals tagged #injection-vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical data injection vulnerability has been identified in the Zustand persist middleware used by depthOS, potentially allowing attackers to inject malicious workspace data through unvalidated localStorage reads. The flaw, located in `src/stores/depthOSStore.ts` (lines 612-644), stems from the middleware loading pe...
A critical sanitization gap in the Linux desktop notification pipeline of Claude Desktop code has been identified during a post-#583 security review, leaving the `notify-send` execution path vulnerable to two distinct injection vectors. The flaw, rated HIGH severity by the reviewing analyst, resides in the `send_linux_...