Posts of last 24 hours
A vulnerability was found in MyScale MyScaleDB up to 1.8.0. It has been declared as problematic. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity.
This vulnerability is known as CVE-2026-13513. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The pull request to fix this issue awaits acceptance.
https://vuldb.com/vuln/374521
A vulnerability was found in Databend up to 1.2.881 on HTTP. It has been classified as problematic. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the component Tenant Handler. The manipulation leads to authorization bypass.
This vulnerability is tracked as CVE-2026-13512. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The pull request to fix this issue awaits acceptance.
https://vuldb.com/vuln/374520
A vulnerability was found in VoltAgent up to 2.1.17 and classified as problematic. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization.
This vulnerability appears as CVE-2026-13511. The attack may be performed remotely. In addition, an exploit is available.
The pull request to fix this issue awaits acceptance.
https://vuldb.com/vuln/374519
A vulnerability has been found in SimStudioAI sim up to 0.6.92 and classified as problematic. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash.
This vulnerability is reported as CVE-2026-13510. The attack can be carried out remotely. Moreover, an exploit is present.
The pull request to fix this issue awaits acceptance.
https://vuldb.com/vuln/374518
A vulnerability, which was classified as critical, was found in RAGapp up to 0.1.5. Affected are the functions FileHandler.upload_file and FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal.
This vulnerability is documented as CVE-2026-13509. The attack can be executed remotely. Additionally, an exploit exists.
The pull request to fix this issue awaits acceptance.
https://vuldb.com/vuln/374517
A vulnerability, which was classified as critical, has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization.
This vulnerability is registered as CVE-2026-13508. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The pull request to fix this issue awaits acceptance.
https://vuldb.com/vuln/374516
A vulnerability classified as problematic was found in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verification of data authenticity.
This vulnerability is cataloged as CVE-2026-13507. The attack may be launched remotely. There is no exploit available.
The pull request to fix this issue awaits acceptance.
https://vuldb.com/vuln/374515
A vulnerability classified as critical has been found in zephyrproject zephyr up to 4.4.x. The impacted element is the function getaddrinfo of the file subsys/net/lib/sockets/getaddrinfo.c. The manipulation of the argument ai_arr[] leads to use after free.
This vulnerability is listed as CVE-2026-10646. The attack may be initiated remotely. There is no available exploit.
It is recommended to upgrade the affected component.
https://vuldb.com/vuln/374514
A vulnerability described as problematic has been identified in zephyrproject zephyr up to 4.4.x. The affected element is the function unicast_client_ep_qos_state of the file subsys/bluetooth/audio/bap_unicast_client.c. Executing a manipulation can lead to null pointer dereference.
This vulnerability is tracked as CVE-2026-10593. The attack is only possible within the local network. No exploit exists.
Upgrading the affected component is recommended.
https://vuldb.com/vuln/374513
A vulnerability marked as critical has been reported in zephyrproject zephyr up to 4.4.x. Impacted is the function recvmsg of the file subsys/net/lib/sockets/sockets_inet.c of the component Supervisor Mode. Performing a manipulation results in out-of-bounds write.
This vulnerability is identified as CVE-2026-10643. The attack is only possible with local access. There is no exploit available.
It is suggested to upgrade the affected component.
https://vuldb.com/vuln/374512