NVD CVEs — 本日公開 (26 件)
CVE-2026-12595 8.1 HIGH
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OAuth Email in all versions up to and including 6.2.3. The vulnerability exists in the loginpress_on_discord_login() Discord OAuth callback handler, which accepts the email field returned by Discord's /user
CVE-2026-12597 8.1 HIGH
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OAuth callback in versions up to, and including, 6.2.3. The vulnerability exists in the loginpress_on_github_login() function, which blindly trusts the first element (profile[0]['email']) of the array retur
CVE-2026-12598 8.1 HIGH
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to and including 6.2.3 via the Spotify Social Login addon. This is due to the loginpress_on_spotify_login() function trusting the unverified 'email' field returned by Spotify's /v1/me endpoint and using it
CVE-2026-15311 3.5 LOW
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this issue is the function MatrixAdapter._markdown_to_html of the file gateway/platforms/matrix.py of the component Matrix Adapter. Such manipulation leads to cross site scripting. The attack can be executed r
CVE-2026-15317 6.3 MEDIUM
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be execute
CVE-2026-50180
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, `SQLChatAgent` in `langroid` ships a `_validate_query` defense-in-depth layer whose `_DANGEROUS_SQL_PATTERNS` regex blocklist enumerates dangerous SQL primitives by specific function name. The li
CVE-2026-50181 7.1 HIGH
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's `ReadFileTool` and `WriteFileTool` appear to treat `curr_dir` as the intended working-directory boundary for file operations. However, the tools only change the process working directo
CVE-2026-54760
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default `allow_dangerous_operations=False`, combines a raw-text regex blocklist (`_DANGEROUS_SQL_PATTERNS`) with a `sqlglot` SELECT-only statemen
CVE-2026-54769 10.0 CRITICAL
Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox Escape leading to Remote Code Execution (RCE) in its `TableChatAgent` and `VectorStore` capabilities. When these agents evaluate LLM-generated tool messages w
CVE-2026-54771 8.1 HIGH
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with `use=False, handle=True`. Version 0
GitHub Security Advisories — 本日公開 (20 件)
GHSA-9c82-3f2r-v942
LOW
A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the...
GHSA-8f88-w9gq-227v
LOW
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some...
GHSA-f9rq-5867-x4mq
MEDIUM
A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the...
GHSA-jfqv-gfxr-5hm7
LOW
A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this...
GHSA-93m6-38r7-vqmh
LOW
A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this...
GHSA-cvjp-944x-5rjq
HIGH
The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to...
GHSA-7h9c-8pxh-fg6v
MEDIUM
Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows...
GHSA-g678-2jj9-7fmj
HIGH
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub...
GHSA-m2h5-jwrw-x8mr
HIGH
The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified...
GHSA-ph29-g65g-m574
CRITICAL
Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that...