CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

PT-2026-28534

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The AVideo platform’s AI plugin contains a flaw in the save.json.php endpoint. This endpoint loads AI response objects using the $ REQUEST'id' parameter, which is controlled by the attacker,...

Improper Neutralization of Input Used for LLM Prompting

Overview omni-cortex is a Give Claude Code a perfect memory - auto-logs everything, searches smartly, and gets smarter over time Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting. LLM prompt construction fails to sanitize user-controlled...

EUVD-2025-20993

Malicious code in bioql PyPI...

CVE-2025-6211

A vulnerability in the DocugamiReader class of the run-llama/llamaindex repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk...

CVE-2025-6211

A vulnerability in the DocugamiReader class of the run-llama/llamaindex repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk...

Mattermost Server 9.11.x < 9.11.10 / 10.4.x < 10.4.4 / 10.5.x < 10.5.2 / 10.6.0 (MMSA-2024-00410)

The version of Mattermost Server installed on the remote host is prior to 9.11.10, 10.4.4, or 10.5.2 / 10.6.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00410 advisory. - Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to prevent...

CVE-2025-24839

Mattermost versions 10.5.x = 10.5.1, 10.4.x = 10.4.3, 9.11.x = 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to activate it by attaching the activateai override property to a post via the Wrangler plugin, provided...

Malicious code in spiderai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cfee8e74f278d45135c11ee4ff3f18180cb2423e333934a8ba994f5e8ec48b9a Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded telegram channel. This behaviour is...