11235 matches found
WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 16.011.0 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Knowledge Base for Documentation, FAQs with AI Assistance versions <= 16.011.0...
January 29, 2026—KB5074105 (OS Builds 26200.7705 and 26100.7705) Preview
This non-security update for Windows 11, version 25H2 and 24H2 (KB5074105), improves functionality, performance, and reliability. To learn more about differences between security updates, optional non-security preview...
SolarWinds Web Help Desk security vulnerabilities
SolarWinds Web Help Desk is a service desk and asset management software provided by the American company SolarWinds. This software supports centralized knowledge bases, IT asset management, project and task management functions. There is a security vulnerability in SolarWinds Web Help Desk, whic...
Azure File Sync Agent v22.0 Release – December 2025 (KB5056967)
Update Rollup for Azure File Sync agent version 22.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
Multi-Agent End-To-End Vulnerability Management for Mitigating Recurring Vulnerabilities
Software vulnerability management has become increasingly critical as modern systems scale in size and complexity. However, existing automated approaches remain insufficient. Traditional static analysis methods struggle to precisely capture contextual dependencies, especially when vulnerabilities...
CVE-2026-0723
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device...
@3w5h/knowledge_query (=1.0.30), @3w5h/utils (>=1.0.0 <=1.0.7) +576 more potentially affected by CVE-2026-23965 via sm-crypto (>=0.0.9 <=0.3.8)
sm-crypto NPM version =0.0.9, =1.0.0, =0.1.0, =4.4.42, =0.0.2, =2.2.6, =2.2.6, =2.2.6, =2.3.10, =2.1.4, =2.2.6, =2.2.6, =2.2.6, =2.1.15, =2.3.9 and more Source cves: CVE-2026-23965 Source advisory: OSV:GHSA-HPWG-XG7M-3P6M...
VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code
The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. That's according to new findings from Check Point Research, which identified operational security blunder...
EUVD-2026-3292
SiYuan vulnerable to Arbitrary file Read / SSRF...
CVE-2026-23875
CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...
CVE-2026-23522
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. userId filter in the database query is commented out, so it's...
EUVD-2026-3318
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion...
Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
Summary knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. Details userId filter in the database query is commented out, so it's enabling attackers to delete other users' KB files if they know the...
GHSA-J7XP-4MG9-X28R Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
Summary knowledgeBase.removeFilesFromKnowledgeBase tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. Details userId filter in the database query is commented out, so it's enabling attackers to delete other users' KB files if they know the...
CVE-2026-23875
CVE-2026-23875 affects CrawlChat prior to version 0.0.8. The issue is a missing permission check in the Discord bot component, allowing non-administrative guild users to add content to the collection knowledge base by using the jigsaw emoji reaction. This could let regular users insert or influen...