CVE-2026-8786

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

PT-2026-41634

A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to authorization bypass. It is...

Tencent WeKnora 授权问题漏洞

Tencent WeKnora is an enterprise-level LLM knowledge base and RAG platform developed by Tencent, a Chinese technology company. Versions of Tencent WeKnora prior to 0.3.6 contained an authorization vulnerability. This vulnerability stemmed from the function getKnowledgeBaseForInitialization in the...

PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

...

Amazon Linux 2023 : aws-cfn-bootstrap (ALAS2023-2026-1662)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1662 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks...

Exploit for Insecure Default Initialization of Resource in Praison Praisonai

CVE-2026-44338 PraisonAI Authentication Bypass Lab Local Dock...

Exploit for Insecure Default Initialization of Resource in Praison Praisonai

⚠️ Security Research & Legal Disclaimer 📌 Purpose of This...

Use of Password Hash With Insufficient Computational Effort

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

GHSA-G29V-Q6H7-76WH electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

OPENSUSE-SU-2026:20752-1 Security update for alloy

This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

EUVD-2025-209847

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

CVE-2025-62628

The CVE-2025-62628 issue is tied to unsafe OpenSSL initialization in AMD Manageability Software / AMD optional tools . The root cause is initialization that allows a local, privileged attacker to inject a malicious DLL , potentially leading to arbitrary code execution . Documentation consistently...

PT-2026-40940

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

PT-2026-41204

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.9.5 Description Insecure sync encryption occurs due to the use of deterministic AES-192-CBC with a fixed zero IV Initialization Vector, a constant KDF Key Derivation Function salt, and the absence of a MAC Message...

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the Base::init function being repeatedly called ...