16 matches found

RedhatCVE
added last week, 6 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

CVSS 6.3 | AI score 4.8 | EPSS 0.00061
Exploits: 0 | References: 1
CNNVD
added 2026/06/01 12:0 a.m., 6 views

SGLang security vulnerabilities

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. Version SGLang 0.5.10.post1 contains a security vulnerability. This vulnerability stems from an unknown function in the Inference HTTP Endpoint component file...

CVSS 6.3 | AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 6
Packet Storm
added 2026/05/05 12:0 a.m., 30 views

Cybersecurity AI (CAI) Framework 0.5.10 Command Injection

Cybersecurity AI CAI Framework versions 0.5.10 and below suffer from a command injection vulnerability. Exploit Title: Cybersecurity AI CAI Framework 0.5.10 - Command Injection CVE: CVE-2026-25130 Date: 2026-02-03 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram:...

CVSS 9.6 | AI score 5.8 | EPSS 0.00053
Exploits: 3
EUVD
added 2026/04/08 12:12 a.m., 1 views

EUVD-2026-19915

FastFeedParser has an infinite redirect loop DoS via meta-refresh chain...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits: 1 | References: 2
Snyk
added 2026/04/08 12:12 a.m., 1 views

Uncontrolled Recursion

Overview fastfeedparser is a High performance RSS, Atom, JSON and RDF feed parser in Python Affected versions of this package are vulnerable to Uncontrolled Recursion through the parse function when processing HTML responses containing a tag, which leads to unbounded recursion without a redirect...

CVSS 8.7 | AI score 5.8 | EPSS 0.00077
Exploits: 1 | References: 2
ATTACKERKB
added 2026/04/07 7:46 p.m., 2 views

CVE-2026-39376

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/07 7:46 p.m., 1 views

CVE-2026-39376 FastFeedParser has an infinite redirect loop DoS via meta-refresh chain

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/07 12:0 a.m., 3 views

PT-2026-31006

FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse fetches a URL that returns an HTML page containing a tag, it recursively calls itself with the redirect URL — with no depth limit, no visited-URL deduplication, and no redirect count cap. An...

CVSS 7.5 | AI score 5.9 | EPSS 0.00077
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/31 9:13 p.m., 5 views

CVE-2026-25130

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

CVSS 9.6 | AI score 6.2 | EPSS 0.00053
Exploits: 3 | References: 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2014-9087

Malware in sbrugna...

CVSS 8.2 | AI score 8.3 | EPSS 0.07376
Exploits: 2 | References: 2
NVD
added 2025/03/20 10:15 a.m., 9 views

CVE-2024-8954

In composiohq/composio version 0.5.10, the API does not validate the x-api-key header's value during the authentication step. This vulnerability allows an attacker to bypass authentication by providing any random value in the x-api-key header, thereby gaining unauthorized access to the server...

CVSS 9.8 | EPSS 0.00257
Exploits: 1 | References: 1
CVE
added 2025/03/20 10:10 a.m., 74 views

CVE-2024-8954

CVE-2024-8954 affects composiohq/composio 0.5.10, where the API does not validate the x-api-key header during authentication. This allows an attacker to bypass authentication by supplying any value in x-api-key, resulting in unauthorized access to the server. The accompanying metrics indicate a h...

CVSS 9.8 | AI score 9.6 | EPSS 0.00257
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2025/03/20 12:0 a.m., 1 views

Composio security vulnerability

Composio is a production-ready toolset for AI agents open-sourced by Composio. A security vulnerability exists in Composio version 0.5.10 that stems from the API not validating the value of the x-api-key header, which could lead to unauthorized access...

CVSS 9.8 | AI score 9.3 | EPSS 0.00257
Exploits: 1 | References: 1
CNVD
added 2017/08/08 12:0 a.m., 2 views

WordPress Duplicator Elevation of Privilege Vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports the hosting of personal blog sites on servers running PHP and MySQL. Duplicator is one of the extension plug-ins used to migrate/clone a site to another location. A securit...

CVSS 8.2 | AI score 7.9 | EPSS 0.07376
Exploits: 2 | References: 1
Packet Storm
added 2015/02/18 12:0 a.m., 24 views

WordPress Duplicator 0.5.8 Privilege Escalation

Exploit Title: Duplicator 0.5.8 Privilege Escalation Date: 21-11-2014 Software Link: https://wordpress.org/plugins/duplicator/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description Every registered user can crea...

AI score 7.4
Exploits: 0
Exploit DB
added 2015/02/18 12:0 a.m., 26 views

WordPress Plugin Duplicator 0.5.8 - Privilege Escalation

Exploit Title: Duplicator 0.5.8 Privilege Escalation Date: 21-11-2014 Software Link: https://wordpress.org/plugins/duplicator/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description Every registered user can crea...

AI score 7.4
Exploits: 0