aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

180 items

GHSA-995v-fvrw-c78m: opentelemetry-go's Schema ParseFile leaks file descriptors on each parse

low · vulnerability · security
May 28, 2026
CVE-2026-45287

OpenTelemetry Go's `ParseFile` function has a file descriptor leak (a reference to an open file that is never closed): each call to parse a schema file leaves the file open. In a long-running application that repeatedly parses schema files, these open files accumulate until the process runs out of available file descriptors and crashes, causing a denial of service (unavailability).

GitHub Advisory Database

GHSA-fgmm-w5cx-vrfw: Pterodactyl has a database resource limit bypass via race condition in Client API

low · vulnerability · security
May 26, 2026
CVE-2026-35202

Pterodactyl's Client API has a race condition (a flaw where multiple simultaneous requests interfere with each other) that allows users to create more databases than their assigned limit. The vulnerability exists because the database locking code calls a Laravel function that does not actually lock anything, since it is missing a required terminal method such as count() or get().

GitHub Advisory Database

CVE-2026-47091: Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to r

low · vulnerability · security
May 18, 2026
CVE-2026-47091

Claude HUD versions up to 0.0.12 contain a path traversal vulnerability (a flaw where attackers can reach files outside the intended directories by manipulating file paths) that lets attackers read any file the program can access by sending a malicious transcript_path value. In addition, the program creates a cache file with weak permissions that records which files were accessed, leaving evidence even after the program stops running.

Fix: The vulnerability was patched in commit 234d9aa. Users should update to a version containing this commit or later.

NVD/CVE Database

GHSA-fjq3-ffvr-vm46: OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure

low · vulnerability · security
May 18, 2026
CVE-2026-45683

OpenTelemetry eBPF Instrumentation (OBI) has a vulnerability where its Java TLS monitoring code uses the wrong function to read memory pointers from user processes. A local process can trick it into reading kernel memory (memory that should be protected) instead of user memory, and that kernel data is leaked into telemetry (monitoring data). This affects systems with Java TLS support enabled.

GitHub Advisory Database

GHSA-jgg6-4rpr-wfh7: Broken dropper in @mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp

low · vulnerability · security
May 18, 2026

Three Mistral AI npm packages (@mistralai/mistralai, @mistralai/mistralai-azure, @mistralai/mistralai-gcp) were compromised in a supply chain attack (where malicious code is inserted into legitimate software dependencies) between May 11 and 12. However, the malicious code, a dropper (a program designed to download and execute harmful payloads), was broken and failed to run because it referenced the wrong filename. The affected versions have been removed from npm.

Fix: 1. Stop using the affected package versions immediately (2.2.2, 2.2.3, 2.2.4 for @mistralai/mistralai; 1.7.1, 1.7.2, 1.7.3 for @mistralai/mistralai-azure and @mistralai/mistralai-gcp). 2. Clean systems where these packages were installed. Check your installed versions using 'npm ls' or by searching your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock) for the affected version numbers. Also check build artifacts, container images, and package caches for the malicious files: router_init.js, tanstack_runner.js, or @tanstack/setup package.json.

GitHub Advisory Database

GHSA-hvp3-26wx-g2w4: Strapi: Password Reset Does Not Revoke Existing Refresh Sessions

low · vulnerability · security
May 13, 2026
CVE-2026-22706

In Strapi versions before 5.33.3, resetting a user's password did not automatically revoke existing refresh tokens (credentials that allow generating new access tokens without logging in again), so an attacker holding a stolen refresh token could keep accessing the account even after the legitimate user changed their password. This vulnerability affected the admin and users-permissions components and had a CVSS score (a 0-10 rating of how severe a vulnerability is) of 2.1, indicating low severity.

Fix: Immediately update Strapi to version 5.33.3 or later. The patch invalidates all refresh tokens associated with a user whenever their password is changed or reset, regardless of device identification.

GitHub Advisory Database

GHSA-8cxw-cc62-q28v: ciguard: discover_pipeline_files follows symlinks out of scan root

low · vulnerability · security
May 5, 2026
CVE-2026-44220

The `discover_pipeline_files()` function in ciguard (a tool used by AI agents to scan code repositories) followed symlinks (shortcuts that point to other files or directories) without proper restrictions, allowing an attacker to trick it into reading sensitive files outside the intended scan directory. An AI agent scanning a malicious folder with planted symlinks could accidentally expose secrets from system directories such as ~/.aws/ or /etc/.

Fix: Fixed in v0.8.2 and v0.8.3. The patch adds a new `follow_symlinks: bool = False` parameter to `discover_pipeline_files()` that refuses to descend into symlinked directories or files by default. Additionally, all results are filtered to verify their resolved paths lie under the requested root directory, even if callers enable symlink following.

GitHub Advisory Database

CVE-2026-7847: A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_

low · vulnerability · security
May 5, 2026
CVE-2026-7847

A vulnerability was found in Langchain-Chatchat (a chatbot framework) up to version 0.3.1.3 in the file upload handler component. The weakness is the use of insufficiently random values (the system does not generate unpredictable numbers properly), which could be exploited by someone on the same local network, though the attack is difficult to carry out.

NVD/CVE Database

CVE-2026-7846: A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the

low · vulnerability · security
May 5, 2026
CVE-2026-7846

A vulnerability (CVE-2026-7846) exists in Langchain-Chatchat versions up to 0.3.1.3 in the OpenAI-Compatible File Upload API. The flaw is a time-of-check time-of-use bug (a race condition where a file is checked for safety and then modified before it is actually used), triggered by manipulating the file.filename argument, though it requires local network access and is difficult to exploit.

NVD/CVE Database

CVE-2026-7845: A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.toby

low · vulnerability · security
May 5, 2026
CVE-2026-7845

A vulnerability (CVE-2026-7845) was discovered in Langchain-Chatchat version 0.3.1.3 and earlier, affecting a function that handles pasting images in the chat interface. An attacker on the same local network could exploit this flaw by manipulating image data; the underlying weakness is the use of a weak cryptographic hash (one that is easy to break), though the attack is difficult to execute and requires significant technical skill.

NVD/CVE Database

GHSA-p4gq-3vxj-f4jq: Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

low · vulnerability · security
May 4, 2026
CVE-2026-42183

A nil pointer dereference (accessing data through a null pointer) in Argo Workflows v4.0.4 causes the server to respond with an HTTP 500 error for SSO (single sign-on) users when RBAC delegation (role-based access control rules delegated to namespaces) is enabled. This happens specifically when a user's SSO claims match a namespace-level RBAC rule but not an SSO-namespace rule, causing a permanent denial of service (inability to use the system) for the affected users.

Fix: The source suggests adding a nil check: `if loginAccount == nil || precedence(namespaceAccount) > precedence(loginAccount)` at line 304 in gatekeeper.go to prevent the nil pointer dereference.

GitHub Advisory Database

Where the goblins came from

low · news · safety · research
Apr 29, 2026

Starting with GPT-5.1, OpenAI's models began frequently mentioning goblins and gremlins in their responses, a behavior that grew worse in later versions. The root cause was traced to the training process for the "Nerdy" personality feature, which unintentionally gave high rewards to outputs containing creature metaphors, causing the model to learn and amplify this quirk over time. The problem was highly concentrated in the Nerdy personality (which made up only 2.5% of responses but accounted for 66.7% of goblin mentions) and was identified by comparing model outputs and analyzing which reward signals (scoring systems that guide AI training) favored creature-word language.

OpenAI Blog

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

low · news · security · research
Apr 27, 2026

Google researchers found that indirect prompt injection attacks (hidden traps where malicious instructions in external data trick AI systems into bypassing their safety rules) on websites are increasing, with a 32% rise between November 2025 and February 2026, but current attacks remain relatively unsophisticated. The attacks they discovered fell into two categories: exfiltration attempts that try to steal data such as IP addresses and credentials, and destruction attempts that aim to delete files, though neither showed advanced techniques. The researchers warn that while today's attacks are low in sophistication, the upward trend suggests the threat will soon grow in both scale and complexity.

SecurityWeek

CVE-2026-41488: LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_s

low · vulnerability · security
Apr 24, 2026
CVE-2026-41488

LangChain (a framework for building AI agents and applications powered by large language models) versions before 1.1.14 had a TOCTOU vulnerability (time-of-check time-of-use, where a security check and the action it guards happen at different times, leaving a gap between them) in its image token counting feature. An attacker could make a hostname resolve to a safe public IP address during the security check and then to a private or localhost IP address during the actual network request, bypassing the protection.

Fix: Update langchain-openai to version 1.1.14 or later.

NVD/CVE Database

v0.14.21

low · news · security
Apr 20, 2026

LlamaIndex v0.14.21 is a maintenance release that fixes several bugs in the core library, including a KeyError (an error raised when looking up a key that does not exist in a data structure) in the DocumentSummaryIndex deletion function, handling of output formatting errors, and UTF-8 encoding issues in file operations. The release also updates dependencies across many embedding and indexing modules to keep the library's supporting code current.

Fix: Update to llama-index-core version 0.14.21 or later. The fixes are included in this release version, which addresses the KeyError in DocumentSummaryIndex.delete_nodes, ValueError and TypeError from structured output failures, UTF-8 encoding issues in the persistence layer, and the Message Block Buffer Resolution breaking change.

LlamaIndex Security Releases

CVE-2026-6600: A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src

low · vulnerability · security
Apr 20, 2026
CVE-2026-6600

A security flaw, CVE-2026-6600, was found in Langflow (an AI tool) up to version 1.8.3 that allows cross-site scripting (XSS, where attackers inject malicious code into web pages to trick users). The vulnerability is in a React component (a reusable piece of user-interface code) that handles message editing, and it can be exploited remotely by someone with login access.

NVD/CVE Database

CVE-2026-6597: A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_ter

low · vulnerability · security
Apr 19, 2026
CVE-2026-6597

A vulnerability (CVE-2026-6597) was found in langflow-ai langflow version 1.8.3 and earlier, where a function called remove_api_keys/has_api_terms fails to properly protect stored credentials (API keys and authentication information), allowing attackers to access them remotely. The vendor was notified but did not respond, and the exploit details have been publicly released.

NVD/CVE Database

GHSA-r7w7-9xr2-qq2r: langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding

low · vulnerability · security
Apr 16, 2026

A vulnerability in `langchain-openai` (a library for connecting to OpenAI's API) allowed attackers to bypass its SSRF protection (server-side request forgery, where an attacker tricks a server into making requests it should not) through DNS rebinding (changing what a domain name points to between two lookups). The flaw was in the image token counting feature, which validated URLs in one step and then fetched them in another, giving attackers a window to redirect requests to private networks. The actual risk is limited because the fetched data cannot be extracted, though attackers could probe whether internal services exist.

Fix: Upgrade to `langchain-openai` version 1.1.14 or later (which requires `langchain-core` >= 1.2.31). The fix replaces the separate validation and fetch steps with an SSRF-safe httpx transport that resolves DNS once, validates all returned IPs against private/internal ranges in a single operation, pins the connection to the validated IP, and disables redirect following.

GitHub Advisory Database

GHSA-rq2q-4r55-9877: Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

low · vulnerability · security
Apr 14, 2026
CVE-2026-40319

The RegexMatching check in giskard-checks has a ReDoS vulnerability (regular expression denial of service, where a specially crafted regex pattern causes the regex engine to hang by backtracking excessively through the text). An attacker with write access to check definitions can craft malicious regex patterns that make the testing process hang indefinitely, disrupting automated testing environments such as CI/CD pipelines (continuous integration/continuous deployment automation).

Fix: Upgrade to giskard-checks >= 1.0.2b1.

GitHub Advisory Database

GHSA-cm8v-2vh9-cxf3: OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)

low · vulnerability · security
Apr 9, 2026

OpenClaw, a local AI assistant tool, had a security flaw where Git environment variables (special settings that control how Git works) were not removed before running system commands, potentially allowing attackers to redirect Git operations to malicious locations. This vulnerability affected OpenClaw versions up to 2026.3.30.

Fix: Update OpenClaw to version 2026.4.8 or later, which patches the vulnerability by properly removing Git plumbing environment variables before executing host commands.

GitHub Advisory Database