CVE-2026-40287

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...

CVE-2026-39891

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user input from agent.start is passed directly into these tools without escaping, template expressions in the...

CVE-2026-44339

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and main after it fails to match the declared tool list and the registry. With the default agent configuration,...

arsenal-tools

Arsenal — CTF & Pentest Toolkit Collection de 198 outils of...

Chromium: CVE-2026-10916 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-33814 affecting package azurelinux-image-tools for versions less than 1.4.0-2

CVE-2026-33814 affecting package azurelinux-image-tools for versions less than 1.4.0-2. A patched version of the package is available...

Kali-setup

🛠️ kali-setup A single bash script that pulls in the 20 most-...

[SECURITY] Fedora 44 Update: perl-ExtUtils-Builder-0.020-1.fc44

Writing extensions for various build tools can be a daunting task. This module tries to abstract steps of build processes into reusable building blocks for creating platform and build system agnostic executable descriptions of work...

EUVD-2026-34699

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

EUVD-2026-34471

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

Malicious code in wdb-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 146faaf0d97c6a533a969bc3f3f117811f9317dc865ed4ab37f1679842ddeaae This package was compromised as part of the IronWorm campaign. This campaign executes a malicious binary payload during installation via a...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 25, 2026 to May 31, 2026)

Last week, there were 278 vulnerabilities disclosed in 185 WordPress Plugins and 70 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 94 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

Lazarus Group Uses npm Brandjacking Campaign to Target Developers

North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk...

[slackware-security] net-tools

New net-tools packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/net-tools-201811030eebece-i586-4slack15.0.txz: Rebuilt. This update fixes a security issue: interface.c: Stack-based Buffer Overfl...

PT-2026-46806

Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

PT-2026-46163

Name of the Vulnerable Software and Affected Versions Acer Connect M6E 5G Portable WiFi Router affected versions not specified Description Engineering diagnostics and factory-level diagnostic software are exposed on retail builds. This allows malicious applications to obtain write privileges to...

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.13.0 release.

Red Hat Web Terminal Operator 1.13.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.

Red Hat Web Terminal Operator 1.15.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.11.1 release.

Red Hat Web Terminal Operator 1.11.1 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.14.0 release.

Red Hat Web Terminal Operator 1.14.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...