
67 matches found

SUSE CVE
added 2026/01/17 12:24 a.m. · 1 view

SUSE CVE-2026-22687

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass...

9.8 CVSS · 6.6 AI score · 0.00037 EPSS
Exploits 1 · References 2
Snyk
added 2026/01/10 4:57 a.m. · 1 view

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the stdioconfig.command or stdioconfig.args parameters in MCP stdio settings. An attacker can execute arbitrary system commands by injecting malicious values into these parameters. Remediation: Upgrade...

9.9 CVSS · 7.9 AI score · 0.00454 EPSS
Exploits 1 · References 2
Snyk
added 2026/01/10 4:57 a.m. · 2 views

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the stdioconfig.command or stdioconfig.args parameters in MCP stdio settings. An attacker can execute arbitrary system commands by injecting malicious values into these parameters. Remediation: Upgrade...

9.9 CVSS · 7.9 AI score · 0.00454 EPSS
Exploits 1 · References 2
NVD
added 2026/01/10 4:16 a.m. · 3 views

CVE-2026-22687

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

9.8 CVSS · 0.00037 EPSS
Exploits 1 · References 2
Cvelist
added 2026/01/10 3:41 a.m. · 25 views

CVE-2026-22688 WeKnora has Command Injection in MCP stdio test

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

9.9 CVSS · 0.00454 EPSS
Exploits 1 · References 2
CVE
added 2026/01/10 3:41 a.m. · 13 views

CVE-2026-22688

WeKnora is vulnerable to a command-injection in MCP stdio settings (stdio_config.command/args) that can cause the server to execute subprocesses when a user is authenticated. Affected: WeKnora prior to v0.2.5; patched in v0.2.5. The issue is triggered via MCP stdio configuration values and has be...

9.9 CVSS · 7.2 AI score · 0.00454 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2026/01/10 3:41 a.m. · 2 views

CVE-2026-22688 WeKnora has Command Injection in MCP stdio test

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, there is a command injection vulnerability that allows authenticated users to inject stdioconfig.command/args into MCP stdio settings, causing the server to execute...

9.9 CVSS · 7.5 AI score · 0.00454 EPSS
Exploits 1 · References 4
Cvelist
added 2026/01/10 3:41 a.m. · 22 views

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

5.6 CVSS · 0.00037 EPSS
Exploits 1 · References 2
Vulnrichment
added 2026/01/10 3:41 a.m. · 1 view

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

5.6 CVSS · 6.1 AI score · 0.00037 EPSS
Exploits 1 · References 2
EUVD
added 2026/01/10 3:41 a.m. · 2 views

EUVD-2026-1880

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

8.1 CVSS · 6 AI score · 0.00037 EPSS
Exploits 1 · References 2
OSV
added 2026/01/10 3:41 a.m. · 2 views

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

5.6 CVSS · 6.2 AI score · 0.00037 EPSS
Exploits 1 · References 4
CVE
added 2026/01/10 3:41 a.m. · 6 views

CVE-2026-22687

WeKnora up to version 0.2.4 has a SQL Injection risk via the Agent service’s database_query tool due to insufficient backend validation, enabling prompt-based bypass to access sensitive server/database information. The vulnerability stems from backend checks that fail to constrain SQL inputs (e.g...

9.8 CVSS · 6.1 AI score · 0.00037 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2026/01/09 12:00 a.m. · 2 views

PT-2026-2242

Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.2.5 Description: WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, a command injection vulnerability exists that allows authenticated users t...

9.9 CVSS · 6.6 AI score · 0.00454 EPSS
Exploits 1 · References 21
EUVD
added 2025/11/13 3:36 p.m. · 3 views

EUVD-2025-150364

sudo-rs doesn't record authenticating user properly in timestamp...

4.4 CVSS · 6.1 AI score · 0.00024 EPSS
Exploits 0 · References 4
UbuntuCve
added 2025/11/12 10:15 p.m. · 1 view

CVE-2025-64517

sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...

4.4 CVSS · 5.9 AI score · 0.00024 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2007-2732

Malware in sbrugna...

6.8 CVSS · 6.3 AI score · 0.00602 EPSS
Exploits 0 · References 6
EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2022-7210

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00275 EPSS
Exploits 0 · References 5
RedhatCVE
added 2025/05/22 10:06 p.m. · 7 views

CVE-2022-39352

OpenFGA is a high-performance authorization/permission engine inspired by Google Zanzibar. Versions prior to 0.2.5 are vulnerable to authorization bypass under certain conditions. You are affected by this vulnerability if you added a tuple with a wildcard assigned to a tupleset relation the right...

9.8 CVSS · 6.6 AI score · 0.00275 EPSS
Exploits 0 · References 1
Cvelist
added 2025/02/07 10:11 a.m. · 11 views

CVE-2025-25085 WordPress WP SimpleWeather plugin <= 0.2.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mattmcbrien WP SimpleWeather wp-simpleweather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through = 0.2.5...

6.5 CVSS · 0.00112 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/02/07 12:00 a.m. · 1 view

PT-2025-5922 · WordPress · Wp Simpleweather

Name of the Vulnerable Software and Affected Versions: WP SimpleWeather versions 0.2.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...

6.5 CVSS · 9.2 AI score · 0.00112 EPSS
Exploits 0 · References 3