25 matches found
SUSE CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...
CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...
CVE-2026-30861
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. From version 0.2.5 to before version 0.2.10, an unauthenticated remote code execution (RCE) vulnerability exists in the MCP stdio configuration validation. The application allows unrestricted user...
CVE-2026-30861
Technical details about CVE-2026-30861 are not provided in the connected documents. The initial description mentions the vulnerability and patch, but no deeper technical specifics. Monitor for updates and rely on official advisories for remediation.
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the ValidateStdioConfig process. An attacker can execute arbitrary commands with application privileges by bypassing argument validation using the -p flag in npx node. This allows full system compromise through...
aiodatalayer (>=1.0.0 <=2.3.1), aiotieba-reviewer (>=0.5.0 <=0.6.2) +57 more potentially affected by CVE-2025-65896 via asyncmy (>=0.2.10 <=0.2.11)
asyncmy PYPI version =0.2.10, =1.0.0, =0.5.0, =1.0.8, =2.0.9, =1.0.8, =0.1.0, =1.0.0, =1.3.9, =0.1.1, =0.1.0, =0.2.0, =1.0.0, =0.1.0, =0.1.0, =0.1.3 and more Source cves: CVE-2025-65896 Source advisory: OSV:GHSA-QHQW-RRW9-25RM...
EUVD-2025-200319
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
GHSA-QHQW-RRW9-25RM asyncmy is vulnerable to SQL injection via crafted dict keys
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
asyncmy is vulnerable to SQL injection via crafted dict keys
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
CVE-2025-65896
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys...
PT-2025-48749
Name of the Vulnerable Software and Affected Versions: long2ice asyncmy versions through 0.2.10. Description: A SQL injection issue exists in long2ice asyncmy. Attackers can execute arbitrary SQL commands by using specially crafted dictionary keys. Recommendations: At the moment, there is no...
CVE-2025-65896
CVE-2025-65896 affects the long2ice asyncmy Python package up through version 0.2.10, where a SQL injection is possible via crafted dict keys in escape_dict. The issue can enable arbitrary SQL commands with network access and no user interaction, with a CVSS v3.1 base score of 9.8 (CRITICAL). Co...
Fedora: Security Advisory (FEDORA-2025-ada7909175)
The remote host is missing an update for the...
EUVD-2025-150364
sudo-rs doesn't record authenticating user properly in timestamp...
UBUNTU-CVE-2025-64517
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...
CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...
CVE-2025-64517 sudo-rs doesn't record authenticating user properly in timestamp
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...
UBUNTU-CVE-2025-64170
sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...
CVE-2025-64170 sudo-rs: Partial password reveal is possible after timeout
sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...
CVE-2025-64170 sudo-rs: Partial password reveal is possible after timeout
sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins entering a password but does not press return for an extended period, a password timeout may occur. When this happens, the keystrokes that were entered a...