EUVD-2026-33830

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

CVE-2026-0099

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-44450

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...

CVE-2026-0099

Technical details about CVE-2026-0099 are not publicly available in the provided connected documents. Monitor for updates from official sources; no further specifics (affected products, root cause, impact, or fixes) are disclosed here.

CVE-2026-0099

In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

CVE-2026-10269

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

EUVD-2024-54938

Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting. This issue affects QR Menü: from s1.05.05 before v1.05.12...

K000161495: Rancher Local Path Provisioner vulnerability CVE-2025-62878

Security Advisory Description A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories. CVE-2025-62878 Impact There is no impact; F5 products...

CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

EUVD-2026-33685

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization

A security vulnerability has been detected in decolua 9router up to 0.4.0. This issue affects the function isAuthenticated of the file src/dashboardGuard.js of the component HTTP Header Handler. The manipulation of the argument Host leads to improper authorization. The attack is possible to be...

CVE-2026-10268 janet-lang janet marsh.c unmarshal_one_fiber integer overflow

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

CVE-2026-10268

The CVE affects janet-lang Janet up to 1.41.0, specifically the unmarshal_one_fiber function in src/core/marsh.c. A manipulation can cause an integer overflow, with local-host exploitation possible. A public PoC exists, and the patch d9b1d711ea1fde52ac73a82088b512a3e17bad0d provides remediation. ...

EUVD-2026-33681

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

CVE-2026-34193

CVE-2026-34193 affects kernel software running inside a Guest/Host VM that can post improper commands to the GPU firmware. A logic error in address translation enables a compromised Host (Kernel) to perform arbitrary writes to firmware memory, potentially impacting data integrity by writing beyon...

CVE-2026-34193

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

CVE-2026-34193 GPU DDK - Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr()

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

SUSE-SU-2026:2204-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client bsc1263989...