EUVD-2026-5834

The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'savecustomuserprofilefields' function. This makes it possible for authenticated attackers, with...

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

CVE-2026-0598 Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

CVE-2026-0598 Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

EUVD-2026-5677

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

CVE-2026-0598

A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...

CVE-2026-0598

The connected PT-2026-6676 entry confirms a vulnerability in the Ansible Lightspeed API conversation endpoints used for AI chat interactions. Affected component: the conversation endpoints within Ansible Lightspeed API. Root cause:broken object-level authorization that fails to verify that the co...

PT-2026-6676

Name of the Vulnerable Software and Affected Versions Ansible Lightspeed affected versions not specified Description The Ansible Lightspeed API conversation endpoints, which manage AI chat interactions, do not adequately confirm if a conversation identifier corresponds to the authenticated user...

Important: Red Hat Security Advisory: Red Hat Lightspeed (formerly Insights) for Runtimes security update

An update is now available for Red Hat Lightspeed formerly Insights for Runtimes on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Critical: Red Hat Security Advisory: Red Hat OpenShift Lightspeed 1.0.9 security update

Red Hat OpenShift Lightspeed 1.0.9 operand images, which provide security fixes and container updates. Red Hat OpenShift Lightspeed is a generative AI-based virtual assistant integrated into the OpenShift console. It can answer questions related to OpenShift and layered offerings. Security Fixes:...

lightspeed-stack (>=0.1.1 <=0.4.0), lightspeed-stack-providers (>=0.1.10 <=0.1.18) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.3.5)

llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: SNYK:PYTHON-LLAMASTACK-15166608...

lightspeed-stack (>=0.1.1 <=0.4.2), lightspeed-stack-providers (>=0.1.10 <=0.4.3) +5 more potentially affected by CVE-2026-25211 via llama-stack (>=0.2.10.1 <=0.4.3)

llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.3.4, =0.1.0, =0.2.0, =0.3.0a0 Source cves: CVE-2026-25211 Source advisory: OSV:GHSA-XMFJ-7PP5-FXR6...

Important: Red Hat Security Advisory: Red Hat Lightspeed (formerly Insights) for Runtimes 1.0.0: new RHEL 9 container image security update

New Red Hat Lightspeed formerly Insights for Runtimes on RHEL 9 container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

EUVD-2005-1095

Malware in sbrugna...

EUVD-2022-25964

Malicious code in bioql PyPI...

EUVD-2025-30787

Malicious code in bioql PyPI...

EUVD-2025-8735

Malicious code in bioql PyPI...

lightspeed-stack (>=0.1.1 <=0.2.0), lightspeed-stack-providers (>=0.1.10 <=0.1.15) +3 more potentially affected by CVE-2025-55178 via llama-stack (>=0.2.10.1 <=0.2.18)

llama-stack PYPI version =0.2.10.1, =0.1.1, =0.1.10, =1.0.1, =0.2.2, =0.3.0a0 Source cves: CVE-2025-55178 Source advisory: OSV:GHSA-X75H-M6JJ-6CJ2...