Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22874
Total
1630
Critical
7150
High
7293
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-55616 | UNKNOWN | — | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49757. Reason: This candidate is a duplicate of CVE-2026-49757. Notes: All CVE users … | Jul 10, 2026 |
| CVE-2026-55615 | UNKNOWN | — | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, … | Jul 10, 2026 |
| CVE-2026-54771 | HIGH | 8.1 | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct … | Jul 10, 2026 |
| CVE-2026-54769 | CRITICAL | 10.0 | Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) … | Jul 10, 2026 |
| CVE-2026-54760 | UNKNOWN | — | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) … | Jul 10, 2026 |
| CVE-2026-50181 | HIGH | 7.1 | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary … | Jul 10, 2026 |
| CVE-2026-50180 | UNKNOWN | — | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, `SQLChatAgent` in `langroid` ships a `_validate_query` defense-in-depth layer whose `_DANGEROUS_SQL_PATTERNS` regex blocklist enumerates … | Jul 10, 2026 |
| CVE-2026-15317 | MEDIUM | 6.3 | A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of … | Jul 10, 2026 |
| CVE-2026-15311 | LOW | 3.5 | A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component … | Jul 10, 2026 |
| CVE-2026-12598 | HIGH | 8.1 | The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This … | Jul 10, 2026 |
| CVE-2026-12597 | HIGH | 8.1 | The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability … | Jul 10, 2026 |
| CVE-2026-12595 | HIGH | 8.1 | The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability … | Jul 10, 2026 |
| CVE-2026-59858 | HIGH | 7.8 | Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field … | Jul 09, 2026 |
| CVE-2026-59857 | MEDIUM | 5.5 | Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell … | Jul 09, 2026 |
| CVE-2026-59856 | HIGH | 7.8 | Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken … | Jul 09, 2026 |
| CVE-2026-59855 | UNKNOWN | — | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing … | Jul 09, 2026 |
| CVE-2026-59854 | MEDIUM | 4.9 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/globalCopyFiles accepts attacker-supplied absolute source paths and relies on util.IsSensitivePath in kernel/util/path.go, whose … | Jul 09, 2026 |
| CVE-2026-59853 | MEDIUM | 6.5 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used … | Jul 09, 2026 |
| CVE-2026-59834 | HIGH | 7.5 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used … | Jul 09, 2026 |
| CVE-2026-59833 | UNKNOWN | — | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization … | Jul 09, 2026 |
| CVE-2026-59832 | HIGH | 7.7 | SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the … | Jul 09, 2026 |
| CVE-2026-59831 | MEDIUM | 4.4 | GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command … | Jul 09, 2026 |
| CVE-2026-57501 | NONE | — | Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load … | Jul 09, 2026 |
| CVE-2026-44342 | MEDIUM | 5.3 | New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding … | Jul 09, 2026 |
| CVE-2026-33655 | HIGH | 7.7 | New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did … | Jul 09, 2026 |