Aggregator

A vulnerability, which was classified as critical, has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. This vulnerability is registered as CVE-2026-13508. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The pull request to fix this issue awaits acceptance.

Submit #838838 / VDB-374517

A vulnerability classified as problematic was found in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verification of data authenticity. This vulnerability is cataloged as CVE-2026-13507. The attack may be launched remotely. There is no exploit available. The pull request to fix this issue awaits acceptance.

Submit #838812 / VDB-374516

A vulnerability classified as critical has been found in zephyrproject zephyr up to 4.4.x. The impacted element is the function getaddrinfo of the file subsys/net/lib/sockets/getaddrinfo.c. The manipulation of the argument ai_arr[] leads to use after free. This vulnerability is listed as CVE-2026-10646. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in zephyrproject zephyr up to 4.4.x. The affected element is the function unicast_client_ep_qos_state of the file subsys/bluetooth/audio/bap_unicast_client.c. Executing a manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2026-10593. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

Submit #838791 / VDB-374515

A vulnerability marked as critical has been reported in zephyrproject zephyr up to 4.4.x. Impacted is the function recvmsg of the file subsys/net/lib/sockets/sockets_inet.c of the component Supervisor Mode. Performing a manipulation results in out-of-bounds write. This vulnerability is identified as CVE-2026-10643. The attack is only possible with local access. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Flowise up to 3.1.2 on Windows. This issue affects some unknown processing of the component Environment Variable Handler. Such manipulation leads to improper handling of case sensitivity. This vulnerability is referenced as CVE-2026-58057. It is possible to launch the attack remotely. Furthermore, an exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in RustDesk. This vulnerability affects unknown code of the component Control Message Handler. This manipulation causes incorrect authorization. The identification of this vulnerability is CVE-2026-58056. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability categorized as problematic has been discovered in nghttp2 up to 1.69.0. This affects an unknown part of the component HTTP Request Handler. The manipulation results in http request smuggling. This vulnerability was named CVE-2026-58055. The attack may be performed from remote. In addition, an exploit is available. It is advisable to implement a patch to correct this issue.

A vulnerability was found in 7-Zip up to 26.02 on Windows. It has been rated as problematic. Affected by this issue is some unknown functionality of the component File Content Handler. The manipulation leads to protection mechanism failure. This vulnerability is uniquely identified as CVE-2026-58052. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in libssh2 up to 1.11.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component SSH Handler. Executing a manipulation can lead to integer overflow. This vulnerability is handled as CVE-2026-58050. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Nmap up to 7.99. It has been classified as critical. Affected is an unknown function of the file libnetutil/netutil.cc. Performing a manipulation results in integer underflow. This vulnerability is known as CVE-2026-58058. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in MyBB up to 1.8.40 and classified as critical. This impacts the function verify_usergroup of the component User Module. Such manipulation leads to improper privilege management. This vulnerability is traded as CVE-2026-58054. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in libssh2 up to 1.11.1 and classified as problematic. This affects an unknown function of the component SSH Handler. This manipulation causes uninitialized resource. This vulnerability appears as CVE-2026-58051. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as critical, was found in Gitea act_runner up to 0.262.0. The impacted element is an unknown function of the component Docker Backend. The manipulation results in improper privilege management. This vulnerability is reported as CVE-2026-58053. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in FFmpeg. The affected element is an unknown function of the file libavcodec/rasc.c of the component Media Handler. The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2026-58049. The attack can be initiated remotely. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as problematic was found in nmedia Frontend File Manager Plugin up to 23.6 on WordPress. Impacted is the function sanitize_key of the file wp-config.php of the component AJAX Handler. Executing a manipulation of the argument wpfm_dir_path can lead to file inclusion. This vulnerability is registered as CVE-2026-8095. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in zephyrproject zephyr up to 4.4.x. This issue affects the function uart_rx_enable of the file drivers/serial/uart_mchp_sercom_g1.c. Performing a manipulation results in out-of-bounds write. This vulnerability is cataloged as CVE-2026-10644. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.