Joern 4.0.525

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

Joern 4.0.524

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

CVE-2026-39419 MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

CVE-2026-39419

MaxKB (enterprise open-source AI assistant)

CVE-2026-40217

A flaw was found in LiteLLM. A remote attacker can exploit this flaw by performing bytecode rewriting at the /guardrails/testcustomcode URI. This could lead to arbitrary code execution, allowing the attacker to run malicious code on the affected system. Mitigation Mitigation for this issue is...

GHSA-3926-2JVF-FG29 Duplicate Advisory: LiteLLM has a sandbox escape in custom-code guardrail

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wxxx-gvqv-xp7p. This link is maintained to preserve external references. Original Description LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the...

Duplicate Advisory: LiteLLM has a sandbox escape in custom-code guardrail

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wxxx-gvqv-xp7p. This link is maintained to preserve external references. Original Description LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the...

CVE-2026-40217

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/testcustomcode URI...

Arbitrary Code Injection

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection in the /guardrails/testcustomcode endpoint through bytecode rewriting. An attacker can execute arbitrary code by sending specially crafted requests...

CVE-2026-40217

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/testcustomcode URI...

CVE-2026-40217

LiteLLM (through 2026-04-08) is vulnerable to remote code execution via bytecode rewriting at /guardrails/test_custom_code. The CVSSv3.1 vector yields a high severity (8.8) with NETWORK attack, LOW privileges, no user interaction required. Affected component is unspecified beyond the URL vector; ...

CVE-2026-40217

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/testcustomcode URI...

PT-2026-31920

Name of the Vulnerable Software and Affected Versions LiteLLM versions through 2026-04-08 Description LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test custom code URI. Recommendations Update LiteLLM to a version later than...

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM dated before April 8, 2026, contain a security vulnerability. This vulnerability stems from the /guardrails/testcustomcode URI, which allows arbitrar...

SUSE CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

Linux Distros Unpatched Vulnerability : CVE-2026-35093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypas...

EUVD-2026-17907

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

DEBIAN-CVE-2026-35093

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such ...

CVE-2026-35093

Vulnerability overview: CVE-2026-35093 affects libinput. A local attacker can place a crafted Lua bytecode file in certain system or user configuration directories, bypassing security restrictions and executing unauthorized code with the same permissions as the affected program (e.g., a graphical...