CVE-2026-34999

OpenViking 0.2.5, prior to 0.2.14, contains a missing authentication vulnerability in the bot proxy router that lets remote unauthenticated attackers access protected bot proxy functionality by sending requests to POST /bot/v1/chat and POST /bot/v1/chat/stream. Attackers can bypass authentication...

Brains (>=0.1.0 <=0.2.0), MFEKmath (>=0.1.0 <=0.1.1) +1577 more potentially affected by CVE-2026-33055 via tar (>=0.2.14 <=0.4.40)

tar CARGO version =0.2.14, =0.1.0, =0.1.0, =0.1.0, =0.10.2, =0.1.0, =0.1.2, =0.23.0, =0.23.0, =0.9.0, =1.2.0, =0.5.4, =0.5.4, =1.0.1 and more Source cves: CVE-2026-33055 Source advisory: OSV:RUSTSEC-2026-0068...

CVE-2025-45691

An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrievedcontexts parameter when handling multimodal inputs...

CVE-2026-24897

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

CVE-2026-24897 Authenticated Remote Code Execution via Arbitrary File Upload

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

EUVD-2026-4975

Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares. By specifying a writable path within the publ...

Erugo code issues and vulnerabilities

Erugo is an open-source file sharing platform developed by Erugo. Versions of Erugo 0.2.14 and earlier have code vulnerabilities. These vulnerabilities stem from insufficient path validation when creating shares. This allows low-privilege users to upload arbitrary files to designated locations,...

Integer overflow in solana_rbpf

From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an integer overflow bug because the sym.stvalue is read directly from ELF file without checking. If the sym.stvalue is rather large, an integer overflow is triggered while calculating the variable "addr"...