8 matches found
CVE-2026-14151
Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13508
A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/apichat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack...
CVE-2026-13508
Affects khoj-ai khoj versions up to 2.0.0-beta.28; vulnerable component is the Conversation Sharing Handler in src/khoj/routers/api_chat.py, where manipulation of conversation.agent leads to incorrect authorization. The issue enables remote exploitation (exploit published) with attack vector over...
PT-2026-53164
Name of the Vulnerable Software and Affected Versions khoj-ai khoj versions prior to 2.0.0-beta.29 Description A flaw in the Conversation Sharing Handler component within the file src/khoj/routers/api chat.py allows for incorrect authorization. This occurs through the manipulation of the...
Moonshot AI Kimi AI 安全漏洞
Moonshot AI Kimi AI is an artificial intelligence assistant developed by the company Moonshot AI. It features long-text comprehension, multi-modal interaction, intelligent search capabilities, and agent functions. Version 1.0 of Moonshot AI Kimi AI contains a security vulnerability. This...
PT-2026-45184
A security flaw has been discovered in Aider-AI Aider 0.86.3. Affected by this vulnerability is the function editor coder.run of the file auth.py of the component Architect Mode. Performing a manipulation results in code injection. Remote exploitation of the attack is possible. The exploit has be...
PT-2026-31492
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A use after free issue existed in PrivateAI within Google Chrome. A remote attacker could potentially perform a sandbox escape by convincing a user to interact with a crafted HTML page...
EUVD-2026-12373
A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...