CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

CVE-2026-30352

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2026-41665

Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0...

CVE-2026-41667

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0...

CVE-2026-40448

Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0...

CVE-2026-30352

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

EUVD-2026-25863

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

Aegra 资源管理错误漏洞

Aegra is a large-scale model application platform developed by Aegra Corporation, designed for building and orchestrating multi-step intelligent agent processes. The Aegra commit e9a89f version contains a resource management vulnerability, which stems from improper handling of the...

CVE-2026-30352

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

PT-2026-35440

A remote code execution RCE vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter...

MAS-SZZ: Multi-Agentic SZZ Algorithm for Vulnerability-Inducing Commit Identification

Accurate vulnerability-inducing commit identification serves as a foundation for a series of software security tasks, such as vulnerability detection and affected version analysis. A straightforward solution is the SZZ algorithm, which traces back through the code history to identify the earliest...

PT-2026-35433

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

EUVD-2026-25862

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

PT-2026-35439

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the ExecuteSQL function. An attacker can execute arbitrary SQL commands by supplying crafted input to the application. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Comm...

SUSE CVE-2026-31571

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Unlink NV12 planes earlier unlinknv12plane will clobber parts of the plane state potentially already set up by planeatomiccheck, so we must make sure not to call the two in the wrong order. The problem happens when a...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-40164)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40164 advisory. - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, j...

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-32316)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-32316 advisory. - jq is a command-line JSON processor. An integer overflow vulnerability exists through version...