9021 matches found
LangSmith SDK: Streaming token events bypass output redaction
Summary: The LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a new_token event containing the raw token value. These events bypass the redaction pipeline...
GHSA-RR7J-V2Q5-CHGV LangSmith SDK: Streaming token events bypass output redaction
Summary: The LangSmith SDK's output redaction controls (hideOutputs in JS, hide_outputs in Python) do not apply to streaming token events. When an LLM run produces streaming output, each chunk is recorded as a new_token event containing the raw token value. These events bypass the redaction pipeline...
WordPress plugin My Calendar security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-34593
Name of the Vulnerable Software and Affected Versions: LangSmith JavaScript SDK versions prior to 0.5.19; LangSmith Python SDK versions prior to 0.7.31. Description: Output redaction controls do not apply to streaming token events. When a Large Language Model run produces streaming output, each chunk...
PT-2026-33370
Name of the Vulnerable Software and Affected Versions: My Calendar versions prior to 3.7.7. Description: An unauthenticated issue exists in the 'mc ajax mcjs action' AJAX endpoint, which is registered for unauthenticated users. The endpoint passes user-supplied arguments through the parse_str functi...
CVE-2026-6388
creationtimestamp | type | source
---|---|---
2026-04-15 23:27:35+00:00 | seen | Telegram/ajbOyvFAewWZ2L70l5GRQuj2wRnDYaN4zfpEHfJh7NMuY
2026-04-16 00:53:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjl72wjbmn2z
2026-04-16 01:30:30+00:00 | seen | ...
Malicious code in fusion-events (npm)
Source: amazon-inspector e8c8e696e51251f71e47adebced7b96e693530edba7546edfc180e21202e2048 The package fusion-events was found to contain malicious code. Source: ghsa-malware 88d534717a957da6a2dd2be4f5db4aa652489fa5ac3b30382f4a8e5e06865be2...
Malicious Package
Overview: fusion-events is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2692 Malicious code in fusion-events (npm)
Source: amazon-inspector e8c8e696e51251f71e47adebced7b96e693530edba7546edfc180e21202e2048 The package fusion-events was found to contain malicious code. Source: ghsa-malware 88d534717a957da6a2dd2be4f5db4aa652489fa5ac3b30382f4a8e5e06865be2...
Injection
@nestjs/core is vulnerable to Injection. The vulnerability is due to unsanitized interpolation of user-controlled fields into Server-Sent Events output, which allows an attacker to inject arbitrary events, spoof event types, and manipulate the event stream...
CVE-2026-34002
creationtimestamp | type | source
---|---|---
2026-04-15 00:01:54+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqa5my42c
2026-04-15 00:01:58+00:00 | seen | https://bsky.app/profile/slackers.it/post/3mjilqdjg3t2u
2026-04-19 02:01:28+00:00 | seen | ...
CVE-2026-27306
creationtimestamp | type | source
---|---|---
2026-04-14 23:21:52+00:00 | seen | Telegram/jHpVmdM968c9lFQ4KStSRALTqvtLmQ8NC1zLLnKyLbbys0E
2026-04-15 13:19:49+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mjjycyzdkv2y
2026-04-15 13:55:19+00:00 | seen | ...
CVE-2026-27245
creationtimestamp | type | source
---|---|---
2026-04-14 20:07:48+00:00 | seen | Telegram/vjfxnNTg64imjnjxPGtl8BfvNjTDmt0KKDhXRC5WEaV7Sg
2026-04-15 09:00:30+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116407902478004814
2026-04-15 09:00:32+00:00 | seen | ...
Directory Traversal
Overview: excel-mcp-server is an Excel MCP Server for manipulating Excel files. Affected versions of this package are vulnerable to Directory Traversal via the getexcelpath function. An attacker can read, write, overwrite, and create arbitrary files and directories on the host filesystem by supplyi...
GHSA-J98M-W3XP-9F56 excel-mcp-server has a Path Traversal issue
Summary: A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode (the documented way to use this server remotely), an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on...
PT-2026-33225
Name of the Vulnerable Software and Affected Versions: excel-mcp-server versions prior to 0.1.8. Description: A path traversal issue exists in excel-mcp-server when operating in SSE or Streamable-HTTP transport modes. An unauthenticated network attacker can read, write, and overwrite arbitrary files...
CVE-2026-39535
Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Display Eventbrite Events: from n/a through <= 6.5.6...
SUSE-SU-2026:21123-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed:
- CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in...
CVE-2026-35537
creationtimestamp | type | source
---|---|---
2026-04-11 13:05:01+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mj7vmva5fe2e
2026-04-11 13:50:07+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mj7y5gquzy2a...
CVE-2026-5495
creationtimestamp | type | source
---|---|---
2026-04-11 03:00:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj6tuab6wz2o
2026-04-11 03:21:49+00:00 | seen | Telegram/-uyrs94fGKBZTNu2mzMK-L-9Rc5lrbCygfSEFHI7W39U14
2026-04-11 05:03:48+00:00 | seen | ...