PT-2026-34029

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thread editing is authorized through ThreadPolicy::edit, which checks mailbox access but does not apply the assigned-only restriction from ConversationPolicy. A user who cannot view a conversation can...

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.215 contained security vulnerabilities. These vulnerabilities stemmed from client thread editing authorizing email access...

CVE-2026-6729 HKUDS OpenHarness Session Key Collision Privilege Escalation

HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...

mirai-exploit

Vulnerability Details CVE ID: CVE-2026-22812 Affe...

PraisonAI SQL Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the getalluserthreads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...

AlmaLinux 8 : perl:5.32 (ALSA-2026:8096)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:8096 advisory. perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 Tenable has extracted the preceding...

perl: Perl threads have a working directory race condition where file operations may target unintended paths

A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...

RockyLinux 8 : perl:5.32 (RLSA-2026:8096)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:8096 advisory. perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 Tenable has extracted the preceding...

Moderate: perl:5.32 security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 For more details about the security...

CVE-2025-54602

CVE-2025-54602 concerns the Wi-Fi driver in Samsung’s Mobile Processor and Wearable Processor line (Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000). The root cause is improper synchronization on a global variable causing a use-after-free. An attacker can trigger a race con...

CVE-2025-54602

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race condition by invoking ...

Samsung多款产品 安全漏洞

SAMSUNG Mobile Processor and SAMSUNG Wearable Processor are both products of South Korean company Samsung. The SAMSUNG Mobile Processor is a series of mobile processors, while the SAMSUNG Wearable Processor is a series of wearable processors. Several Samsung products have security vulnerabilities...

CVE-2025-54601

CVE-2025-54601 affects Samsung Wi‑Fi drivers for Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, and W9xx/W1000; the root cause is improper synchronization on a global variable that enables a race condition and a double free when an ioctl is invoked co...

CVE-2018-25250 MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...

CVE-2018-25250

CVE-2018-25250 affects the MyBB plugin “Last User’s Threads in Profile” version 1.2. The issue is a persistent XSS vulnerability whereby an attacker can inject malicious scripts by supplying script tags in the subject field of new threads. When users visit the attacker's profile page, the payload...

Electron 安全漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There are security vulnerabilities in versions ...

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

CVE-2026-34934

Summary: PraisonAI is affected by a second‑order SQL injection in the get_all_user_threads flow. The function builds raw SQL queries by interpolating unescaped thread IDs retrieved from the DB, enabling an attacker to inject via update_thread. When PraisonAI loads the thread list, the payload can...