Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23272
Total
1655
Critical
7315
High
7384
Medium
CVE ID Severity Score Description Published
CVE-2026-54771 HIGH 8.1 Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct … Jul 10, 2026
CVE-2026-54769 CRITICAL 10.0 Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) … Jul 10, 2026
CVE-2026-54760 UNKNOWN Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) … Jul 10, 2026
CVE-2026-50181 HIGH 7.1 Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary … Jul 10, 2026
CVE-2026-50180 UNKNOWN Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, `SQLChatAgent` in `langroid` ships a `_validate_query` defense-in-depth layer whose `_DANGEROUS_SQL_PATTERNS` regex blocklist enumerates … Jul 10, 2026
CVE-2026-15317 MEDIUM 6.3 A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of … Jul 10, 2026
CVE-2026-15311 LOW 3.5 A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component … Jul 10, 2026
CVE-2026-12598 HIGH 8.1 The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This … Jul 10, 2026
CVE-2026-12597 HIGH 8.1 The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability … Jul 10, 2026
CVE-2026-12595 HIGH 8.1 The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability … Jul 10, 2026
CVE-2026-59858 HIGH 7.8 Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field … Jul 09, 2026
CVE-2026-59857 MEDIUM 5.5 Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell … Jul 09, 2026
CVE-2026-59856 HIGH 7.8 Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken … Jul 09, 2026
CVE-2026-59855 UNKNOWN SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing … Jul 09, 2026
CVE-2026-59854 MEDIUM 4.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/globalCopyFiles accepts attacker-supplied absolute source paths and relies on util.IsSensitivePath in kernel/util/path.go, whose … Jul 09, 2026
CVE-2026-59853 MEDIUM 6.5 SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used … Jul 09, 2026
CVE-2026-59834 HIGH 7.5 SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used … Jul 09, 2026
CVE-2026-59833 UNKNOWN SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization … Jul 09, 2026
CVE-2026-59832 HIGH 7.7 SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*filepath route handler serveSnippets in kernel/server/serve.go joins a single-decoded request path with the … Jul 09, 2026
CVE-2026-59831 MEDIUM 4.4 GitHub CLI (gh) is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command … Jul 09, 2026
CVE-2026-57501 NONE Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load … Jul 09, 2026
CVE-2026-44342 MEDIUM 5.3 New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding … Jul 09, 2026
CVE-2026-33655 HIGH 7.7 New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did … Jul 09, 2026
CVE-2026-59828 MEDIUM 5.3 Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked … Jul 09, 2026
CVE-2026-58144 MEDIUM 5.4 Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying … Jul 09, 2026