1070 matches found
CVE-2026-6729 HKUDS OpenHarness Session Key Collision Privilege Escalation
HKUDS OpenHarness prior to PR 159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse...
mirai-exploit
Vulnerability Details CVE ID: CVE-2026-22812 Affe...
PraisonAI SQL Injection Vulnerability
PraisonAI is a low-code multi-agent collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the get_all_user_threads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...
AlmaLinux 8 : perl:5.32 (ALSA-2026:8096)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:8096 advisory. perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 Tenable has extracted the preceding...
perl: Perl threads have a working directory race condition where file operations may target unintended paths
A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations...
RockyLinux 8 : perl:5.32 (RLSA-2026:8096)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:8096 advisory. perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 Tenable has extracted the preceding...
Moderate: perl:5.32 security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 For more details about the security...
CVE-2025-54602
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race condition by invoking ...
Samsung Multiple Products Security Vulnerability
SAMSUNG Mobile Processor and SAMSUNG Wearable Processor are both products of South Korean company Samsung. The SAMSUNG Mobile Processor is a series of mobile processors, while the SAMSUNG Wearable Processor is a series of wearable processors. Several Samsung products have security vulnerabilities...
CVE-2025-54602
CVE-2025-54602 concerns the Wi-Fi driver in Samsung’s Mobile Processor and Wearable Processor line (Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000). The root cause is improper synchronization on a global variable causing a use-after-free. An attacker can trigger a race con...
CVE-2025-54601
CVE-2025-54601 affects the Wi‑Fi driver in Samsung’s Mobile Processor and Wearable Processor family (Exynos 980/850/1080/1280/1330/1380/1480/1580, W920, W930, W1000). Root cause: improper synchronization on a global variable that leads to a double free. Exploit vector: an attacker can trigger...
CVE-2018-25250 MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...
CVE-2018-25250
CVE-2018-25250 affects the MyBB plugin “Last User’s Threads in Profile” version 1.2. The issue is a persistent XSS vulnerability whereby an attacker can inject malicious scripts by supplying script tags in the subject field of new threads. When users visit the attacker's profile page, the payload...
Electron Security Vulnerability
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There are security vulnerabilities in versions ...
CVE-2026-34934
CVE-2026-34934 is reserved, but connected data details a concrete vulnerability in PraisonAI. The GitHub advisory GHSA-9CQ8-3V94-434G reports a second-order SQL injection in PraisonAI’s get_all_user_threads flow. The flaw: get_all_user_threads builds raw SQL via f-strings using unescaped thread I...
CVE-2026-34934
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...
CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...
CVE-2026-34824
CVE-2026-34824 targets the Mesop Python-based UI framework. A vulnerability in the WebSocket handler from version 1.2.3 up to, but not including, 1.2.5 allows an unauthenticated attacker to flood the server with rapid WebSocket messages, causing unbounded thread creation. This thread exhaustion l...
CVE-2026-34824 Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service
Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession o...