13 matches found
CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, deployments with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread, read the user's full...
EUVD-2019-20024
Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads into the threadid parameter of forum-thread.php, the subject parameter of...
Authorization Bypass Through User-Controlled Key
Overview: chainlit is a package for building conversational AI. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing authorization check when binding a WebSocket session to a user-supplied threadId. An attacker can exploit this weakness by providin...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988831)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988831 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation. The fastpath in slab_alloc_node assumes that...
CVE-2025-50938
Cross-site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php...
PT-2025-33746 · Hustoj · Hustoj
Name of the Vulnerable Software and Affected Versions: Hustoj version 2025-01-31. Description: The software contains a cross-site scripting (XSS) issue in the thread.php file through the TID parameter. Recommendations: As a mitigation, sanitize the TID parameter in the thread.php file...
CVE-2025-50938
Cross-site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php...
Liner security vulnerability
Liner is an AI large language modeling platform from Liner. A security vulnerability exists in Liner version 2025-06-03 and earlier, which stems from improper access control of the spaceid, threadid, and messageid parameters, which could lead to the disclosure of sensitive information...
kernel: mm/slub: add missing TID updates on slab deactivation
In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation. The fastpath in slab_alloc_node assumes that c->slab is stable as long as the TID stays the same. However, two places in slaballoc currently don't update the TID when deactivatin...
PT-2024-11188 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue arises when the hardware register containing the server TID base holds invalid values, which can occur when the adapter is in a bad state, such as after an AER fatal error...
kernel: mm/slub: add missing TID updates on slab deactivation
In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation. The fastpath in slab_alloc_node assumes that c->slab is stable as long as the TID stays the same. However, two places in slaballoc currently don't update the TID when deactivatin...
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
...
PT-2005-4658 · Ovbb · Ovbb
Name of the Vulnerable Software and Affected Versions: OvBB version 0.08a. Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the threadid parameter to "thread.php" and the userid parameter to "profile.php". The vendor has disputed these...