CVE-2026-5631

creationtimestamp| type| source ---|---|--- 2026-04-06 09:16:06+00:00| published-proof-of-concept| Telegram/5ijLrALAuqXYdoOjryiznkXUmcGfws-2xPX0cuo3yo2hM 2026-04-06 10:58:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mit47mt5u52j...

gpt-researcher-mcp (>=0.1.0 <=0.1.5), iflow-mcp-joshualelon-deep-research-mcp (=0.1.0) +1 more potentially affected by CVE-2026-5631 via gpt-researcher (=0.14.8)

gpt-researcher PYPI version =0.14.8 is affected by a known vulnerability. The following packages have a transitive dependency on gpt-researcher and may be impacted: - gpt-researcher-mcp =0.1.0, =2.1.6, =2.1.8 Source cves: CVE-2026-5631 Source advisory: SNYK:PYTHON-GPTRESEARCHER-15917487...

CVE-2026-5631 assafelovic gpt-researcher ws Endpoint server_utils.py extract_command_data code injection

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

EUVD-1999-1009

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-5631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached...

CVE-2025-5631

creationtimestamp| type| source ---|---|--- 2025-06-05 04:00:35+00:00| published-proof-of-concept| Telegram/zv9JWZhXyWGVTukOVqho47sHM0os5LdGN6IAfmTAUbcmk...

CVE-2025-5631

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack...

CVE-2025-5631 code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. It is possible to launch the attack...

CVE-2020-5631

Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability

About Cross Site Scripting - Roundcube Webmail CVE-2024-37383 vulnerability. Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird. The vulnerability is caused by an error in the processing of SVG elements in th...

CVE-2024-5631

Longse NVR Network Video Recorder model NVR3608PGE2W, as well as products based on this device, are transmitting user's login and password to a remote control service without using any encryption. This enables an on-path attacker to eavesdrop the credentials and subsequently obtain access to the...

Ubuntu: Security Advisory (USN-6848-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote...

openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2023:0345-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2012-5631

creationtimestamp| type| source ---|---|--- 2024-02-27 08:16:57+00:00| seen| https://t.me/ctinow/194074...

Debian: Security Advisory (DSA-5631-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Attacks, Vulnerabilities and Actors 23 October to 29 October 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and three exploited...

Winter Vivern Capitalizes on Zero-Day Flaw in Roundcube

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Winter Vivern cyberespionage group has been actively exploiting a zero-day vulnerability in the Roundcube webmail. The identified vulnerability, CVE-2023-5631, permits stored cross-site scripting...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-5631 Roundcube Webmail Persistent Cross-Site Scripting XSS Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security...