CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVEReports
•about 1 hour ago•GHSA-RJWR-M7QX-3FJR
8.6

GHSA-RJWR-M7QX-3FJR: Code Generation Injection in oapi-codegen

An arbitrary code generation injection vulnerability in the oapi-codegen OpenAPI toolchain allows remote attackers to inject executable Go statements into compiled outputs via manipulated specifications.

Alon Barad
Alon Barad
2 views•7 min read
•about 2 hours ago•CVE-2026-55646
6.5

CVE-2026-55646: Remote Denial of Service via Memory Exhaustion in vLLM Speech-to-Text Endpoints

A severe denial-of-service (DoS) vulnerability exists in the speech-to-text API endpoints of the vLLM serving engine from version 0.22.0 to 0.23.0. The flaw is triggered by the direct deserialization and reading of uploaded files into RAM prior to validating file-size limits. An authenticated attacker can exploit this behavior by submitting large file payloads, causing resource starvation and forcing the operating system kernel to terminate the serving process.

Alon Barad
Alon Barad
2 views•5 min read
•about 3 hours ago•CVE-2026-34760
5.9

CVE-2026-34760: Adversarial Prompt Injection via Unweighted Audio Downmixing in vLLM

An improper input validation vulnerability (CWE-20) exists in vLLM versions 0.5.5 through 0.17.2 when processing multi-channel audio tracks. By relying on librosa's flat arithmetic mean instead of physical downmixing standards, vLLM blends sub-audible low-frequency or surround channels with equal weight. This enables an attacker to inject adversarial prompt sequences that bypass human moderation but are parsed clearly by speech-to-text models.

Amit Schendel
Amit Schendel
3 views•8 min read
•about 8 hours ago•GHSA-GGXF-9F6J-W742
5.3

GHSA-GGXF-9F6J-W742: Use-After-Free in Diesel SQLite Deserialization

A memory unsoundness vulnerability exists in the Diesel ORM crate when deserializing SQLite databases from raw bytes. The flaw is caused by a failure to bind the lifetime of the input buffer to the lifetime of the connection object, resulting in a Use-After-Free condition in the underlying libsqlite3 C library when subsequent queries are executed.

Alon Barad
Alon Barad
4 views•6 min read
•about 9 hours ago•CVE-2026-52870
7.6

CVE-2026-52870: Broken Object-Level Authorization (BOLA) in Model Context Protocol (MCP) Python SDK

CVE-2026-52870 is a high-severity Broken Object-Level Authorization (BOLA) / Missing Authorization vulnerability (CWE-862) discovered in the experimental tasks feature of the Model Context Protocol (MCP) Python SDK. Under affected versions (< 1.27.2), default handlers registered via server.experimental.enable_tasks() allowed connected clients to enumerate, access, and terminate active tasks belonging to other user sessions due to a lack of session ownership validation. This compromised multi-tenant isolation, allowing authenticated users to extract execution data and cancel running jobs across concurrent connections. The vulnerability has been resolved in version 1.27.2 through session-scoping of task identifiers and transport session pinning.

Amit Schendel
Amit Schendel
4 views•6 min read
•about 10 hours ago•GHSA-48QW-824M-86PR
7.7

GHSA-48QW-824M-86PR: Privilege Escalation and Sandbox Escape in ArcadeDB Server

A high-severity privilege escalation and sandbox escape vulnerability exists in ArcadeDB Server prior to version 26.7.1. This flaw permits an authenticated user with read-only privileges to execute arbitrary JVM code in a sandboxed JavaScript context via the API command endpoint. By utilizing reflection on bound Java objects, an attacker can bypass the GraalVM guest environment's whitelist, access the Java ClassLoader, and perform arbitrary file reads on the host filesystem.

Alon Barad
Alon Barad
6 views•6 min read
•about 16 hours ago•CVE-2026-59950
7.6

CVE-2026-59950: Cross-Site WebSocket Hijacking in Model Context Protocol Python SDK

CVE-2026-59950 is a high-severity security vulnerability in the Model Context Protocol (MCP) Python SDK. Prior to version 1.28.1, the SDK's deprecated WebSocket server transport accepted incoming connection handshakes without performing validation on the Host or Origin headers. Because web browsers do not restrict WebSocket connections using the Same-Origin Policy (SOP), this enables malicious third-party websites to perform a Cross-Site WebSocket Hijacking (CSWSH) attack, executing unauthorized commands on behalf of the local user.

Alon Barad
Alon Barad
8 views•6 min read
•about 16 hours ago•CVE-2026-56271
9.8

CVE-2026-56271: Authentication Bypass via Hardcoded JWT Secrets in Flowise Enterprise Passport Middleware

CVE-2026-56271 represents a critical security flaw in Flowise, an open-source visual orchestration platform for Large Language Models (LLMs) and autonomous AI agents. The vulnerability occurs within the platform's enterprise passport authentication module, where default cryptographic parameters are used in the absence of explicit environment variables. Specifically, the middleware silently falls back to known, static hardcoded secrets ('auth_token' and 'refresh_token') and identifiers ('AUDIENCE' and 'ISSUER') to generate and verify session tokens. Consequently, remote unauthenticated attackers can construct arbitrary JSON Web Tokens (JWTs) signed with these hardcoded credentials to gain administrative entry to the application.

Alon Barad
Alon Barad
6 views•6 min read
•about 17 hours ago•GHSA-X9F9-R4M8-9XC2
8.4

GHSA-x9f9-r4m8-9xc2: Remote Code Execution via GraalVM Polyglot Sandbox Bypass in ArcadeDB Trigger Scripts

ArcadeDB is an open-source, multi-model database engine supporting graph, document, key-value, and vector models. In affected versions of ArcadeDB, the trigger script executor improperly configures GraalVM scripting engine permissions. By allowing the 'java.lang.*' package to be loaded within the scripting context, the sandbox environment can be bypassed. An authenticated user with schema administration privileges ('UPDATE_SCHEMA') can register a malicious script trigger that executes arbitrary Java host classes, leading to unauthenticated remote command execution under the context of the ArcadeDB server process.

Alon Barad
Alon Barad
6 views•6 min read
•about 17 hours ago•CVE-2026-20744
9.8

CVE-2026-20744: Improper Access Control in Le Circuit Électrique Charging Station Backend

A critical improper access control vulnerability (CWE-284) in the WebSocket upgrade endpoint of Le Circuit Électrique charging station backend allows remote, unauthenticated attackers to connect to the Charging Station Management System and impersonate charging stations.

Alon Barad
Alon Barad
5 views•8 min read
•about 17 hours ago•CVE-2026-55040
9.1

CVE-2026-55040: Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVE-2026-55040 is a critical security feature bypass vulnerability in Microsoft SharePoint Server arising from a weak authentication mechanism (CWE-1390). An unauthenticated remote attacker can exploit this security flaw over a network to bypass authentication validation routines, gaining unauthorized access to the application and complete control over sensitive enterprise data assets without any user interaction.

Amit Schendel
Amit Schendel
18 views•5 min read
•about 20 hours ago•GHSA-VWJC-V7X7-CM6G
8.8

GHSA-VWJC-V7X7-CM6G: Authorization Bypass via SQL-Defined User Functions in ArcadeDB

A critical authorization bypass vulnerability in ArcadeDB allows authenticated, low-privilege users to define and execute arbitrary JavaScript code via standard SQL statements. By circumventing the security checks introduced in GHSA-48qw-824m-86pr, an attacker can leverage the un-sandboxed GraalVM script engine to perform Server-Side Request Forgery (SSRF) and trigger denial-of-service conditions on the host system.

Amit Schendel
Amit Schendel
6 views•6 min read
SeverityExploitPeriodCatalog
Sort

Or generate a custom report

Search for a CVE ID (e.g. CVE-2024-1234) to generate an AI-powered vulnerability analysis

Automated vulnerability intelligence. 2,109+ reports.