13 matches found

Cvelist
added 2026/05/28 9:19 p.m., 29 views

CVE-2026-48116 AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

7.5 CVSS, 0.00058 EPSS
Exploits 1, References 2
Positive Technologies
added 2026/05/28 12:0 a.m., 7 views

PT-2026-44552

Name of the Vulnerable Software and Affected Versions: AnythingLLM versions prior to 1.13.0. Description: The filesystem-search-files agent skill passes an LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. Because ripgrep parses any argument...

8.8 CVSS, 6.1 AI score, 0.00058 EPSS
Exploits 1, References 4
SUSE Linux
added 2026/03/30 9:16 a.m., 2 views

Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd (Version 5.2.6-0): Update translation strings. uyuni-tools (Version 5.2.5-0): Remove migrate command; Remove template script from mgradm: use the one in the image; Split the TFTP server into a separate container; Explicitly start proxy pods after operation...

8.7 CVSS, 6.7 AI score, 0.00212 EPSS
Exploits 0, References 26
OSV
added 2026/03/30 9:15 a.m., 2 views

SUSE-SU-2026:1140-1 Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools

This update fixes the following issues: spacecmd (Version 5.2.6-0): Update translation strings. uyuni-tools (Version 5.2.5-0): Remove migrate command; Remove template script from mgradm: use the one in the image; Split the TFTP server into a separate container; Explicitly start proxy pods after...

7.8 CVSS, 5.9 AI score, 0.00212 EPSS
Exploits 0, References 13
Vulnrichment
added 2025/09/18 6:10 a.m., 2 views

CVE-2023-49564 Authentication Bypass

The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid...

6.8 AI score, 0.00159 EPSS
Exploits 0, References 1
Snyk
added 2025/05/12 3:40 p.m., 1 views

Missing Encryption of Sensitive Data

Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...

3.2 CVSS, 7.1 AI score, 0.00041 EPSS
Exploits 0, References 2
VulnCheck KEV
added 2025/03/19 12:0 a.m., 1 views

VulnCheck KEV: CVE-2022-0074

Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container allows Privilege Escalation. This affects versions from 1.6.15 before 1.7.16.1...

8.8 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits 1, References 1
Positive Technologies
added 2024/04/08 12:0 a.m., 2 views

PT-2024-40984 · Unknown · Cdi-Uploadserver-Container +7

Name of the Vulnerable Software and Affected Versions: cdi-apiserver-container affected versions not specified; cdi-cloner-container affected versions not specified; cdi-controller-container affected versions not specified; cdi-importer-container affected versions not specified; cdi-operator-containe...

7 AI score
Exploits 0, References 2
Positive Technologies
added 2024/02/09 12:0 a.m., 2 views

PT-2024-40979 · Unknown +1 · Virt-Exportserver-Container +9

Name of the Vulnerable Software and Affected Versions: kubevirt versions prior to 1.1.1; virt-api-container versions prior to 1.1.1; virt-controller-container versions prior to 1.1.1; virt-exportproxy-container versions prior to 1.1.1; virt-exportserver-container versions prior to 1.1.1...

7.3 AI score
Exploits 0, References 3
OSV
added 2023/08/09 2:41 p.m., 22 views

GHSA-2GGP-CMVM-F62F ScanCode.io command injection in docker image fetch process

Command Injection in docker fetch process. Summary: A possible command injection in the docker fetch process, as it allows appending malicious commands in the dockerreference parameter. Details: In the function scanpipe/pipes/fetch.py:fetchdockerimage1 the parameter dockerreference is user...

6.8 CVSS, 8.2 AI score, 0.01643 EPSS
Exploits 1, References 6
CNNVD
added 2022/10/27 12:0 a.m., 2 views

Litespeed Technologie OpenLiteSpeed Code Issue Vulnerability

Litespeed Technologie OpenLiteSpeed is an open source web server from Litespeed Technologie. A code issue vulnerability exists in LiteSpeed Technologies OpenLiteSpeed versions prior to 1.6.15 through 1.7.16.1, which stems from its Web Server Container allowing untrusted path searches leading to a...

8.8 CVSS, 8.2 AI score, 0.00281 EPSS
Exploits 1, References 2
Microsoft KB
added 2020/02/11 8:0 a.m., 89 views

February 11, 2020—KB4532691 (OS Build 17763.1039)

February 11, 2020—KB4532691 (OS Build 17763.1039). Note: This release also contains updates for Microsoft HoloLens (OS Build 17763.1039) released February 11, 2020. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that ha...

9.3 CVSS, 7.5 AI score, 0.93779 EPSS
Exploits 25
Vulnerability Lab
added 2011/08/14 12:0 a.m., 27 views

UltraFXP v1.07 - Memory Corruption Vulnerability

Document Title: UltraFXP v1.07 - Memory Corruption Vulnerability. Release Date: 2011-08-14. Vulnerability Laboratory ID (VL-ID): 161. Product & Service Introduction: FTP-Client / FXP-Client...

0.5 AI score
Exploits 0