CVE-2026-3789 Bytedesk SpringAIGiteeRestController SpringAIGiteeRestService.java getModels server-side request forgery

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...

CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

CVE-2026-30859

WeKnora prior to version 0.2.12 suffers broken access control in the database query tool, allowing any authenticated tenant to read data from other tenants (models, messages, embeddings) including API keys and model configurations due to failure to enforce tenant isolation on critical tables. The...

CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

WeKnora has Broken Access Control - Cross-Tenant Data Exposure

Summary A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables models,...

GHSA-2F4C-VRJQ-RCGV WeKnora has Broken Access Control - Cross-Tenant Data Exposure

Summary A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables models,...

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence AI-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed...

Improved Leakage Abuse Attacks in Searchable Symmetric Encryption with EBPF Monitoring

Searchable Symmetric Encryption SSE allows users to search over encrypted data stored on untrusted servers, like cloud providers. While SSE hides the content of queries and documents, it still leaks patterns, such as how often a query is made. These leakages have been shown to enable leakage abus...

Before You Hand over the Wheel: Evaluating LLMs for Security Incident Analysis

Security incident analysis SIA poses a major challenge for security operations centers, which must manage overwhelming alert volumes, large and diverse data sources, complex toolchains, and limited analyst expertise. These difficulties intensify because incidents evolve dynamically and require...

PT-2026-23802

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.2.12 Description WeKnora is a framework for deep document understanding and semantic retrieval. A broken access control issue in the database query tool allows any authenticated tenant to read sensitive data belongi...

SecureRAG-RTL: A Retrieval-Augmented, Multi-Agent, Zero-Shot LLM-Driven Framework for Hardware Vulnerability Detection

Large language models LLMs have shown remarkable capabilities in natural language processing tasks, yet their application in hardware security verification remains limited due to scarcity of publicly available hardware description language HDL datasets. This knowledge gap constrains LLM performan...

📄 Honeywell Trend IQ4 Unauthenticated Add Admin

This Metasploit module exploits an insecure default configuration in Honeywell Trend IQ4 controllers. By default, these devices do not enforce authentication, allowing a remote user to enable the User Module and create a new administrative account. Note: This action permanently changes the device...

CVE-2026-26478

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...

Apple Security Update: iOS 18.7.6

Apple recommends to install security update iOS 18.7.6 on devices iPhone XS, iPhone XS Max, iPhone XR...

CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts

Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specif...

CVE-2025-62814

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of fthandle in loadfwutcvector causes a denial of service...

Seeing AI Clearly: Building Visibility Across Modern AI Applications

AI applications span models, agents, and cloud environments in ways traditional security tools weren’t designed to understand. Here’s why visibility breaks — and how a new, implementation-agnostic approach helps teams safely adopt AI...

CVE-2025-62816

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4LVERTEXIOCBOOTUP input leads to a denial of service...

CVE-2025-62814

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of fthandle in loadfwutcvector causes a denial of service...