34 matches found
SUSE CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...
CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...
CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...
CVE-2026-30861
Technical details about CVE-2026-30861 are not provided in the connected documents. The initial description mentions the vulnerability and patch, but no deeper technical specifics. Monitor for updates and rely on official advisories for remediation.
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the ValidateStdioConfig process. An attacker can execute arbitrary commands with application privileges by bypassing argument validation using the -p flag in npx node. This allows full system compromise through...
ai.hyacinth.framework:core-service-trigger-server (>=0.5.0 <=0.5.24), ai.stainless:grails-tika (=0.1.0) +4897 more potentially affected by CVE-2026-27727 via com.mchange:mchange-commons-java (>=0.2.10 <=0.3.2)
com.mchange:mchange-commons-java MAVEN version =0.2.10, =0.5.0, =0.0.1, =0.2, =0.3, =0.2, =0.2, =0.3, =0.3, =0.3, =0.3, =0.3, =0.2, =0.3, =0.3, =0.6 and more Source cves: CVE-2026-27727 Source advisory: SNYK:JAVA-COMMCHANGE-15353394...
aiodatalayer (>=1.0.0 <=2.3.1), aiotieba-reviewer (>=0.5.0 <=0.6.2) +57 more potentially affected by CVE-2025-65896 via asyncmy (>=0.2.10 <=0.2.11)
asyncmy PYPI version =0.2.10, =1.0.0, =0.5.0, =1.0.8, =2.0.9, =1.0.8, =0.1.0, =1.0.0, =1.3.9, =0.1.1, =0.1.0, =0.2.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3 and more Source cves: CVE-2025-65896 Source advisory: OSV:GHSA-QHQW-RRW9-25RM...
EUVD-2025-200319
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
GHSA-QHQW-RRW9-25RM asyncmy is vulnerable to SQL injection via crafted dict keys
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
asyncmy is vulnerable to SQL injection via crafted dict keys
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
CVE-2025-65896
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
PT-2025-48749
Name of the Vulnerable Software and Affected Versions: long2ice asyncmy versions through 0.2.10. Description: A SQL injection issue exists in long2ice asyncmy. Attackers can execute arbitrary SQL commands by using specially crafted dictionary keys. Recommendations: At the moment, there is no...
CVE-2025-65896
CVE-2025-65896 affects the long2ice asyncmy Python package up through version 0.2.10, where a SQL injection is possible via crafted dict keys in escape_dict. The issue can enable arbitrary SQL commands with network access and no user interaction, with a CVSS v3.1 base score of 9.8 (CRITICAL). Co...
Fedora: Security Advisory (FEDORA-2025-a9d9780cbb)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-ada7909175)
The remote host is missing an update for the...
Fedora 41 : sudo-rs (2025-ada7909175)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ada7909175 advisory. Update to version 0.2.10. This release includes fixes for CVE-2025-64170 and CVE-2025-64517. Tenable has extracted the preceding description block...
Fedora 42 : sudo-rs (2025-4388808bbf)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4388808bbf advisory. Update to version 0.2.10. This release includes fixes for CVE-2025-64170 and CVE-2025-64517. Tenable has extracted the preceding description block...
Fedora 43 : sudo-rs (2025-a9d9780cbb)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a9d9780cbb advisory. Update to version 0.2.10. This release includes fixes for CVE-2025-64170 and CVE-2025-64517. Tenable has extracted the preceding description block...
EUVD-2025-150364
sudo-rs doesn't record authenticating user properly in timestamp...
UBUNTU-CVE-2025-64517
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...