CVE-2026-40887 @vendure/core has a SQL Injection vulnerability

Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression...

Improper TLS Certificate Verification

github.com/traefik/traefik/v3 is vulnerable to improper TLS certificate verification. The vulnerability is due to incorrect handling of the proxy-ssl-verify annotation, which disables TLS verification when enabled, allowing an attacker to perform man-in-the-middle attacks on HTTPS backends...

SUSE CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...

GHSA-RG3H-X3JW-7JM5 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...

Insertion of Sensitive Information Into Sent Data

Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data through the CheckToken request handling in vault/requesthandling.go. An attacker can cause Vault to forward a...

PT-2026-37121

Name of the Vulnerable Software and Affected Versions praisonai versions prior to 4.6.9 praisonaiagents versions prior to 1.6.9 Description Multiple backends in the multi-agent teams system fail to validate input, leading to arbitrary SQL execution. Specifically, nine backends—MySQL, PostgreSQL,...

DEBIAN-CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

CVE-2026-40253

openCryptoki (PKCS#11 library) is affected in versions 3.26.0 and earlier due to BER/DER decoding in the shared asn1.c lacking a buffer length parameter and trusting BER lengths, enabling out-of-bounds reads when malformed BER objects are provided via C_CreateObject, C_UnwrapKey, token loading, o...

CVE-2026-40253 openCryptoki: Memory safety vulnerabilities in BER/DER decoders in asn1.c

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

PT-2026-33373

Name of the Vulnerable Software and Affected Versions openCryptoki versions prior to 3.26.1 Description The BER/DER decoding functions in the shared common library asn1.c accept a raw pointer without a buffer length parameter and trust attacker-controlled BER length fields without validating them...

GHSA-9PP3-53P2-WW9V @vendure/core has a SQL Injection vulnerability

Summary An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query string parameter is interpolated directly into a raw SQL expression without parameterization or validation, allowing an attacker to execute arbitrary SQL against the database. This affec...

PT-2026-33235

Name of the Vulnerable Software and Affected Versions @vendure/core versions prior to 2.3.4 @vendure/core versions 3.0.0 through 3.5.6 @vendure/core versions 3.6.0 through 3.6.1 Description An unauthenticated SQL injection exists in the Shop API and an authenticated SQL injection exists in the...

CVE-2026-35492

Kedro-Datasets PartitionedDataset has a path traversal vulnerability prior to 9.3.0, where partition IDs were concatenated with the dataset base path without validation, potentially allowing writing outside the dataset directory on local FS or storage backends (S3, GCS, etc.). The issue affects a...

Authorizer: CQL/N1QL Injection in Cassandra and Couchbase Backends via fmt.Sprintf String Interpolation

Vulnerability Details CWE: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic All 66+ CQL queries in internal/storage/db/cassandradb/ use fmt.Sprintf to interpolate user-controlled values directly into CQL query strings without parameterization. Unauthenticated endpoints...

CVE-2026-34750 Payload has Insufficient Filename Validation in Client-Upload Signed-URL Endpoints

Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azure, @payloadcms/storage-gcs, @payloadcms/storage-r2, and @payloadcms/storage-s3, the client-upload signed-URL endpoints for S3, GCS, Azure, and R2 did not properly sanitize...

Amazon Linux 2023 : gvfs, gvfs-archive, gvfs-client (ALAS2023-2026-1475)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1475 advisory. A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the Extension backend process. An attacker can execute arbitrary commands with root privileges on affected nodes by injecting malicious data into the flannel.alpha.coreos.com/backend-data annotation, which is then...