CVE-2026-6811
Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...
Deserialization of Untrusted Data
Overview: langchain is a package for building applications with LLMs through composability. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary code or manipulate application...
Deserialization of Untrusted Data
Overview: langsmith is a client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary co...
Deserialization of Untrusted Data
Overview: langsmith is a client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary co...
CVE-2026-8162
creationtimestamp| type| source
---|---|---
2026-05-12 09:10:50+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mlngymcjjk27
2026-05-12 10:38:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnlwa47v52l
2026-05-12 11:56:57+00:00| seen|...
CVE-2026-5055
creationtimestamp| type| source
---|---|---
2026-04-11 02:40:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj6sqgkwlk2r
2026-04-11 03:21:45+00:00| seen| Telegram/oNJqzE-05Zhzc8NPQW-z5MMZ2uUFxP7FYrJiMTOKneUM6w
2026-04-11 05:00:55+00:00| seen|...
CVE-2026-4162
creationtimestamp| type| source
---|---|---
2026-04-10 10:02:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj52ydm6y32d
2026-04-10 11:16:18+00:00| published-proof-of-concept| Telegram/khgEEPiWkGL9WACMPfvZ8dGv1ooPTaC6hfehoeURB75s6dQ
2026-04-10 13:03:26+00:00| seen|...
CVE-2026-39307
PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources, e.g., GitHub, the application uses Python's zipfile.extractall...
CVE-2026-39307
Summary of CVE-2026-39307 PraisonAI templates installation uses Python’s zipfile.extractall() without validating that archive entries stay within the target extraction directory. This Zip Slip flaw existed prior to version 1.5.113 and could allow arbitrary file writes (potentially to system locat...
CVE-2026-4601
creationtimestamp| type| source
---|---|---
2026-03-23 06:49:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhphskdlhb2e
2026-03-23 07:30:31+00:00| seen| https://infosec.exchange/users/offseq/statuses/116277315523815630
2026-03-23 07:30:34+00:00| seen|...
CVE-2026-27413
creationtimestamp| type| source
---|---|---
2026-03-19 06:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116254430139875917
2026-03-19 06:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mhfeu7ojg42m
2026-03-19 06:36:27+00:00| seen|...
CVE-2026-32767
creationtimestamp| type| source
---|---|---
2026-03-14 11:38:42+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-j7wh-x834-p3r7
2026-03-20 01:30:32+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mhhekrmut22c
2026-03-20 01:30:33+00:0...
OA-System Security Vulnerability
OA-System is an office automation system developed by Miazzy himself. There is a security vulnerability in OA-System, which stems from functions that come from sources outside the scope of trusted control...
CVE-2026-21628
creationtimestamp| type| source
---|---|---
2026-03-05 10:24:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mgclf5gzfu2o
2026-03-05 10:30:32+00:00| seen| https://infosec.exchange/users/offseq/statuses/116176101773626475
2026-03-05 10:30:34+00:00| seen|...
MAL-2026-1122 Malicious code in @sanzxcode/libsignal-node (npm)
Source: amazon-inspector 31f6946c2edfc02e3a350dd33240e415111649135472f9f5c1d4e22d74fa529d The package @sanzxcode/libsignal-node was found to contain malicious code. Source: ghsa-malware...
CVE-2026-27961
creationtimestamp| type| source
---|---|---
2026-02-26 04:24:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqe2bychd2t
2026-02-26 05:02:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfqg5pn7fb2e
2026-03-02 20:40:10+00:00| seen|...
CVE-2026-22553
creationtimestamp| type| source
---|---|---
2026-02-24 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-055-01
2026-02-24 21:28:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfn4dndg7f2s
2026-02-24 21:30:34+00:00| seen|...
GHSA-6C9J-X93C-RW6J
creationtimestamp| type| source
---|---|---
2026-02-20 02:10:39+00:00| seen| https://gist.github.com/alon710/f4eee2d51384628d064473d1a040d3d4
2026-02-20 02:40:34+00:00| seen| https://bsky.app/profile/flarestart.bsky.social/post/3mfb3galb2g2s...
CVE-2026-1603
creationtimestamp| type| source
---|---|---
2026-02-10 16:17:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mejegksy3522
2026-02-10 16:18:34+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mejehqfp3l2h
2026-02-11 04:00:00+00:00| seen|...
CVE-2026-25895
creationtimestamp| type| source
---|---|---
2026-02-10 00:00:48+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mehntchb352m
2026-02-10 00:00:50+00:00| seen| https://infosec.exchange/users/offseq/statuses/116043392265377056
2026-04-24 22:00:05+00:00| published-proof-of-concept|...