18 matches found

RedhatCVE
added 2026/03/26 3:2 p.m., 0 views

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

CVSS: 8.7, AI score: 6, EPSS: 0.0006
Exploits: 1, References: 1
FreeBSD
added 2026/03/25 12:0 a.m., 5 views

dnsmasq -- multiple vulnerabilities

Simon Kelley reports: Today, 11th May 2026 CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. Christopher Cullen and Molly Jaconski write, in Vulnerability Note VU471747:...

CVSS: 8.4, AI score: 6.3, EPSS: 0.0024
Exploits: 4, References: 2
NVD
added 2026/03/20 5:16 a.m., 0 views

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

CVSS: 8.7, EPSS: 0.0006
Exploits: 1, References: 3
Vulnrichment
added 2026/03/20 4:8 a.m., 1 view

CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

CVSS: 8.7, AI score: 6, EPSS: 0.0006
Exploits: 1, References: 3
CVE
added 2026/03/20 4:8 a.m., 7 views

CVE-2026-32949

SQLBot is vulnerable prior to version 1.7.0 to an SSRF leading to arbitrary local-file reads. An attacker can abuse /api/v1/datasource/check by supplying a forged MySQL data source with extraJdbc="local_infile=1". During connectivity verification, a rogue MySQL server issues a malicious LOAD DATA...

CVSS: 8.7, AI score: 5.9, EPSS: 0.0006
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/03/20 4:8 a.m., 3 views

CVE-2026-32949 SQLBot: SSRF to Arbitrary File Read (AFR) via Rogue MySQL

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Server-Side Request Forgery (SSRF) vulnerability that allows an attacker to retrieve arbitrary system and application files from the server. An attacker can exploit the...

CVSS: 8.7, AI score: 6, EPSS: 0.0006
Exploits: 1, References: 5
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-30362

Malicious code in bioql PyPI...

AI score: 6.3, EPSS: 0.00023
Exploits: 0, References: 6
Brave Browser
added 2024/08/22 7:4 a.m., 8 views

Brave Desktop 1.69.153 Security Fixes

Implemented process hardening for the Brave VPN services on Windows. - Implemented a trusted source check for "Elevator::InstallVPNServices". - Updated code to use JSON serialization to escape all unsafe symbols in SpeedReader. - Limited extension features to allow listed extensions. Upgraded...

AI score: 5.9
Exploits: 0, References: 5, Affected Software: 1
SUSE CVE
added 2024/08/18 2:1 a.m., 0 views

SUSE CVE-2024-43833

In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links. In v4l2_async_create_ancillary_links, ancillary links are created for lens and flash sub-devices. These are sub-device to sub-device links and if the async...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00018
Exploits: 0, References: 10
OSV
added 2019/09/11 7:15 p.m., 1 view

DEBIAN-CVE-2019-16235

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00265
Exploits: 1, References: 1
OSV
added 2019/09/11 7:15 p.m., 15 views

CVE-2019-16237

Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala...

CVSS: 7.5, AI score: 6.6
Exploits: 0, References: 9
Prion
added 2019/09/11 7:15 p.m., 19 views

Code injection

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala...

CVSS: 5, AI score: 7.4, EPSS: 0.00265
Exploits: 1, References: 9, Affected Software: 4
UbuntuCve
added 2019/09/11 7:15 p.m., 18 views

CVE-2019-16237

Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00423
Exploits: 0, References: 3
CVE
added 2019/09/11 6:57 p.m., 78 views

CVE-2019-16235

Dino (XMPP client) is affected by CVE-2019-16235, CVE-2019-16236 and CVE-2019-16237. The underlying issues are improper validation in Dino: CVE-2019-16235 for the source of message carbons, CVE-2019-16236 for roster push authorization, and CVE-2019-16237 for MAM message sources. Exploitation coul...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00265
Exploits: 1, References: 9, Affected Software: 1
Debian CVE
added 2019/09/11 6:56 p.m., 19 views

CVE-2019-16237

Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00423
Exploits: 0
CNVD
added 2016/11/03 12:0 a.m., 2 views

Authentication Vulnerability in Coremail Mail System Server Side

Coremail mail system developed by Ying Shi Information Technology Co., Ltd. is a web application system, widely used in government agencies, enterprises and institutions and other departments. There is an authentication vulnerability in the server side of Coremail mail system. Because the server...

AI score: 6.8
Exploits: 0
OSV
added 2015/09/03 10:59 p.m., 0 views

UBUNTU-CVE-2015-1297

The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2)...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00872
Exploits: 0, References: 3
RedHat Linux
added 2014/11/20 4:16 p.m., 3 views

OpenJDK: DatagramSocket connected socket missing source check (Libraries, 8039509)

It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source...

CVSS: 4.3, AI score: 6.8, EPSS: 0.03677
Exploits: 0, References: 5