CVE-2026-40351

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object e.g., "$ne": "" as the password field. This NoSQL...

CVE-2026-40320

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template constructor, silently interpreting template expressions at runtime. If check definitions are loaded from an untrusted...

jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure

...

PT-2026-37014

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.14 Description A redaction bypass exists that allows authenticated gateway clients with config read access to receive unredacted secrets. This occurs through the sourceConfig and runtimeConfig alias fields,...

FastGPT 安全漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models developed by Labring. Versions of FastGPT prior to 4.14.9.5 contained a security vulnerability. This vulnerability stemmed from the use of TypeScript type assertions in password-based login endpoints...

PT-2026-33519

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object e.g., "$ne": "" as the password field. This NoSQL...

Oracle Linux 8 : .NET / 9.0 (ELSA-2026-8475)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8475 advisory. 9.0.116-1.0.1 - Add support for Oracle Linux 9.0.116-1 - Update to .NET SDK 9.0.116 and Runtime 9.0.15 - Resolves: RHEL-163389 Tenable has extracted th...

Oracle Linux 9 : .NET / 9.0 (ELSA-2026-8474)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8474 advisory. 9.0.116-1.0.1 - Add support for Oracle Linux 9.0.116-1 - Update to .NET SDK 9.0.116 and Runtime 9.0.15 - Resolves: RHEL-163394 Tenable has extracted th...

Oracle Linux 10 : .NET / 9.0 (ELSA-2026-8472)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8472 advisory. 9.0.116-1.0.1 - Add support for Oracle Linux 9.0.116-1 - Update to .NET SDK 9.0.116 and Runtime 9.0.15 - Resolves: RHEL-163396 Tenable has extracted t...

Oracle Linux 9 : .NET / 10.0 (ELSA-2026-8471)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8471 advisory. 10.0.106-1.0.1 - Add support for Oracle Linux 10.0.106-1 - Update to .NET SDK 10.0.106 and Runtime 10.0.6 - Resolves: RHEL-163384 Tenable has extracted...

Oracle Linux 8 : .NET / 10.0 (ELSA-2026-8473)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8473 advisory. 10.0.106-1.0.1 - Add support for Oracle Linux 10.0.106-1 - Update to .NET SDK 10.0.106 and Runtime 10.0.6 - Resolves: RHEL-163381 Tenable has extracted...

Oracle Linux 10 : .NET / 8.0 (ELSA-2026-8470)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8470 advisory. 8.0.126-1.0.1 - Add support for Oracle Linux 8.0.126-1 - Update to .NET SDK 8.0.126 and Runtime 8.0.26 - Resolves: RHEL-163417 Tenable has extracted t...

Oracle Linux 10 : .NET / 10.0 (ELSA-2026-8467)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8467 advisory. 10.0.106-1.0.1 - Add support for Oracle Linux 10.0.106-1 - Update to .NET SDK 10.0.106 and Runtime 10.0.6 - Resolves: RHEL-163385 Tenable has extracte...

[SECURITY] Fedora 44 Update: plasma-workspace-6.6.4-1.fc44

Plasma 6 libraries and runtime components...

[SECURITY] Fedora 44 Update: kf6-kimageformats-6.25.0-2.fc44

This framework provides additional image format plugins for QtGui. As such it is not required for the compilation of any other software, but may be a runtime requirement for Qt-based software to support certain image formats...

charms-sdk (>=0.3.0 <=0.6.3), kzg-rs (>=0.2.3-sp1-4.0.0 <=0.2.5) +77 more potentially affected by unknown CVE via p3-symmetric (>=0.1.0 <=0.4.3)

p3-symmetric CARGO version =0.1.0, =0.3.0, =0.2.3-sp1-4.0.0, =0.20.0, =0.11.0, =5.2.2, =5.2.5, =5.2.2, =0.1.0, =0.4.0, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.3-succinct and more Source cves: unknown CVE Source advisory: OSV:GHSA-3G92-F9CH-QJCM...

Paperclip: Malicious skills able to exfiltrate and destroy all user data

Summary An arbitrary code execution vulnerability in the workspace runtime service allows any agent to execute shell commands on the server, exposing all environment variables including API keys, JWT secrets, and database credentials. Details A malicious skill can instruct the agent to exploit th...

GHSA-W8HX-HQJV-VJCQ Paperclip: Malicious skills able to exfiltrate and destroy all user data

Summary An arbitrary code execution vulnerability in the workspace runtime service allows any agent to execute shell commands on the server, exposing all environment variables including API keys, JWT secrets, and database credentials. Details A malicious skill can instruct the agent to exploit th...

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection through the pythonCodeValidator and the Python execution paths in AirtableAgent.ts and CSVAgent.ts. An attacker can supply LLM-generated Python code that smuggles in...

Important: Red Hat Security Advisory: .NET 10.0 security update

An update for .NET 10.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...