9021 matches found
CVE-2026-8757 adenhq hive Delete Request routes_sessions.py _read_events_tail path traversal
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has...
EUVD-2026-30703
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has...
CVE-2026-8757
A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit has...
CVE-2026-8757
CVE-2026-8757 affects adenhq hive up to 0.11.0. The vulnerability lies in the Delete Request Handler’s function _read_events_tail inside core/framework/server/routes_sessions.py, enabling path traversal via manipulation. It is exploitable remotely and an exploit has been published. Public source...
hive path traversal vulnerability
Hive is a multi-agent workflow execution engine developed by Aden. Versions of Hive prior to 0.11.0 contained a path traversal vulnerability. This vulnerability stemmed from the _read_events_tail function in the Delete Request Handler component, where the routes_sessions.py file exhibited path...
LITE-SOC: Lightweight Security Operations Center Simulator for Cybersecurity Education
This innovative practice WIP paper describes LITE-SOC, a lightweight web-based Security Operations Center (SOC) simulator designed for instructor-led cybersecurity education. SOC analysts must triage large volumes of alerts, separate genuine threats from false positives, and communicate decisions...
CVE-2026-44564
Open WebUI (self-hosted offline AI platform) contains a vulnerability in the ydoc:document:update Socket.IO handler that allows read-only users to modify in-memory Yjs documents. The handler validates room membership but does not verify write permission, and read-only users join the document room...
CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
...
CVE-2026-44217
sse-channel is an SSE implementation which can be used with any Node.js HTTP request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into t...
CVE-2026-44666

creationtimestamp | type | source
---|---|---
2026-05-15 00:00:39+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mltznm4m4d2f
2026-05-15 00:00:58+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116575648891629346
2026-05-15 01:47:07+00:00 | seen | ...

@samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation
Summary: A critical identity spoofing vulnerability in MCPHub allows any unauthenticated user to impersonate any other user — including administrators — on SSE (Server-Sent Events) and MCP transport endpoints. The server accepts a username from the URL path parameter and creates an internal user...
GHSA-WF8Q-WVV8-P8JF @samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Without Authentication, Enabling User Impersonation
Summary: A critical identity spoofing vulnerability in MCPHub allows any unauthenticated user to impersonate any other user — including administrators — on SSE (Server-Sent Events) and MCP transport endpoints. The server accepts a username from the URL path parameter and creates an internal user...
CVE-2025-39790

creationtimestamp | type | source
---|---|---
2026-05-14 10:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-134-10...

ROOT-APP-GOBINARY-CVE-2025-32445 CVE-2025-32445 in rootio-github.com/argoproj/argo-events - Patched by Root
Root has patched CVE-2025-32445 in the rootio-github.com/argoproj/argo-events package for Root:Go. Multiple fixed versions available...
EUVD-2026-30217
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...
CVE-2026-7525
The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.7.9. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...
CVE-2026-44442

creationtimestamp | type | source
---|---|---
2026-05-14 00:00:41+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116569986785870789
2026-05-14 00:00:42+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mlrj6rfwru2j
2026-05-14 21:07:08+00:00 | seen | ...

CVE-2026-0236 Prisma Browser: Code Injection Enables Security Controls Bypass
A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...
SUSE CVE-2022-49006
In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed. After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available not currently used by other events...
CVE-2026-31156

creationtimestamp | type | source
---|---|---
2026-05-13 11:00:14+00:00 | seen | Telegram/teG4DVBc85RVRMJm4el6jDQBtDWo8ajupjsz6y3TMCUVzzM
2026-05-13 15:00:06+00:00 | seen | Telegram/cc4rNasGAf6eBRoD2kZTJIxW5lr85DmN8AZG7mw1GXsUUwc
2026-05-15 13:02:47+00:00 | seen | https://t.me/bdufstecru/3165...