CVE-2026-56695

OpenHarness ohmo gateway exposed by default to remote invocation via /resume and /summary, enabling attackers to enumerate and load arbitrary session snapshots by ID. This can grant access to private prompts, credentials, tool output, and file paths through shared gateway channels. Documented imp...

SUSE-SU-2026:21804-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...

CVE-2026-39419 MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...

CVE-2026-39419

MaxKB (enterprise open-source AI assistant)

PT-2026-30458

🚨 LIVE HIJACK ALERT — CVE-2026-55555. CVSS 9.3. langchain agents reading tool output as trusted input. attacker returns malicious prompt in tool result. agent executes it as instruction. investigating. 🧵...

EUVD-2023-0665

Malicious code in bioql PyPI...

Information Disclosure

kubernetes is vulnerable to Information Disclosure. The vulnerability exists in the equals function of roundtrippers.go which allows unauthenticated attackers to use another user's authenticated connection to read data in the API server logs and a client tool output such as kubectl...