CVE-2026-25802

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing...

CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

CVE-2026-25802 New API has Potential XSS in its MarkdownRenderer component

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Version...

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211checkandendcac Callers of wdevchandef must hold the wiphy mutex. But the worker cfg80211propagatecacdonewk never takes the lock. Which triggers the warning below with the...

`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...

PT-2025-51673

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.18 and later Android Binder driver Rust implementation Description The first Common Vulnerabilities and Exposures CVE has been assigned to Rust code within the Linux kernel. The issue, identified as CVE-2025-68260,...

Unsafe ERC721 operations

Lines of code Vulnerability details Impact It is recommended to use safeTransfer and safeTransferFrom when transferring ERC721 and ERC20 token Tools Used Manual audit Recommended Mitigation Steps Use the safeTransfer and safeTransferFrom functions to transfer ERC721 and ERC20 tokens --- The text...