•about 12 hours ago•CVE-2026-25611
7.5CVE-2026-25611: Pre-Authentication Denial of Service via Asymmetric Memory Exhaustion in MongoDB Server
MongoDB Server versions prior to 8.2.4, 8.0.18, and 7.0.29 are vulnerable to a pre-authentication Denial of Service (DoS) attack. By sending crafted OP_COMPRESSED wire protocol messages with disproportionately large uncompressed size declarations, an unauthenticated remote attacker can force the server to allocate excessive memory, leading to resource exhaustion and process termination.
19 views•6 min read
•about 14 hours ago•CVE-2026-30852
5.5CVE-2026-30852: Double-Expansion Information Disclosure in Caddy vars_regexp
CVE-2026-30852 is a moderate-severity information disclosure vulnerability in the Caddy web server. The flaw originates in the `vars_regexp` matcher within the `caddyhttp` module, where improper neutralization of special elements leads to a double-expansion of placeholders. Attackers can exploit this behavior by crafting specific HTTP request headers that, when evaluated by the vulnerable matcher, expose sensitive environment variables, local file contents, and system information.
7 views•7 min read
•about 15 hours ago•CVE-2026-30855
8.8CVE-2026-30855: Broken Object Level Authorization in Tencent WeKnora
Tencent WeKnora versions prior to 0.3.2 contain a critical Broken Object Level Authorization (BOLA) vulnerability. The API fails to validate user session context against requested tenant identifiers, allowing authenticated attackers to view, modify, or delete any tenant workspace and extract sensitive LLM API keys.
10 views•6 min read
•about 15 hours ago•CVE-2026-30856
5.9CVE-2026-30856: Tool Execution Hijacking and Indirect Prompt Injection in Tencent WeKnora
The Tencent WeKnora framework prior to version 0.3.0 contains a vulnerability in the Model Context Protocol (MCP) client implementation. A flaw in tool identifier generation and registry management permits an attacker-controlled MCP server to overwrite legitimate tools via a naming collision. This enables the execution of indirect prompt injection attacks against the underlying large language model (LLM), facilitating unauthorized data exfiltration.
8 views•6 min read
•about 16 hours ago•CVE-2026-30857
5.3CVE-2026-30857: Unauthorized Cross-Tenant Knowledge Base Cloning in WeKnora
WeKnora versions prior to 0.3.0 suffer from a Broken Object Level Authorization (BOLA) vulnerability in the knowledge base duplication endpoint. The vulnerability allows authenticated users to exfiltrate arbitrary knowledge bases across tenant boundaries by exploiting an insecure direct object reference during asynchronous cloning tasks.
6 views•7 min read
•about 16 hours ago•CVE-2026-30858
7.5CVE-2026-30858: Server-Side Request Forgery via DNS Rebinding in Tencent WeKnora
Tencent WeKnora versions prior to 0.3.0 contain a critical Server-Side Request Forgery (SSRF) vulnerability due to incomplete DNS pinning in the `web_fetch` tool. This flaw allows an unauthenticated attacker to bypass URL validation via DNS rebinding and access restricted internal network resources.
7 views•6 min read
•about 17 hours ago•CVE-2026-30859
7.5CVE-2026-30859: Cross-Tenant Data Exfiltration via Broken Access Control in Tencent WeKnora
Tencent WeKnora versions prior to 0.2.12 contain a critical broken access control vulnerability in the SQL validation middleware. A configuration mismatch permits authenticated tenants to bypass row-level security and query protected tables. This flaw enables cross-tenant exfiltration of third-party LLM API keys, private messages, and proprietary model configurations.
6 views•5 min read
•about 17 hours ago•CVE-2026-30860
9.9CVE-2026-30860: Remote Code Execution via SQL Injection Bypass in Tencent WeKnora
CVE-2026-30860 is a critical remote code execution vulnerability in Tencent WeKnora prior to version 0.2.12. The flaw exists in the AI-driven database query tool, where incomplete Abstract Syntax Tree (AST) validation allows attackers to bypass SQL injection protections. By encapsulating malicious PostgreSQL functions within unhandled Array or Row expressions, an attacker can achieve arbitrary file read, file write, and execute arbitrary code on the underlying database server.
9 views•6 min read
•about 18 hours ago•CVE-2026-30861
10.0CVE-2026-30861: Remote Code Execution via Incomplete Command Blacklist in Tencent WeKnora
Tencent WeKnora versions 0.2.5 through 0.2.9 contain a critical vulnerability in the Model Context Protocol (MCP) configuration logic. The application implements an incomplete argument blacklist for the `stdio` transport type, allowing attackers to bypass validation using Node.js execution flags. Since WeKnora permits unrestricted user registration by default, remote attackers can register an account, configure a malicious MCP service, and achieve arbitrary code execution with the privileges of the application process.
13 views•6 min read
•about 18 hours ago•GHSA-5Q8V-J673-M5V4
5.7GHSA-5Q8V-J673-M5V4: Insecure Direct Object Reference and Authorization Bypass in Firefly III API
Firefly III versions 6.4.23 through 6.5.0 contain an Insecure Direct Object Reference (IDOR) vulnerability within the user management API endpoints. The application fails to validate role-based access controls on specific API routes, allowing any authenticated user to enumerate and read the sensitive details of all registered accounts on the system.
3 views•7 min read
•about 19 hours ago•GHSA-G9RG-8VQ5-MPWM
8.1GHSA-G9RG-8VQ5-MPWM: Cross-Origin Memory Theft and Information Disclosure in mcp-memory-service
The mcp-memory-service package prior to version 10.25.1 contains a high-severity vulnerability chaining a permissive Cross-Origin Resource Sharing (CORS) policy with an information disclosure flaw. This combination allows malicious websites to extract sensitive AI context, including soft-deleted memory items, from developers running the service locally.
6 views•7 min read
•about 21 hours ago•GHSA-2H2P-MVFX-868W
9.3GHSA-2H2P-MVFX-868W: Critical Path Traversal and Authentication Bypass in SiYuan
A critical path traversal vulnerability exists in the `/export` endpoint of the SiYuan kernel (versions prior to 3.5.10). By utilizing double URL-encoded traversal sequences, unauthenticated attackers can bypass path sanitization mechanisms to read arbitrary files from the host filesystem. This flaw is compounded by a permissive Cross-Origin Resource Sharing (CORS) policy and an insecure localhost privilege escalation mechanism, allowing malicious websites to exfiltrate sensitive configuration data—such as API tokens and authentication codes—from a victim's local instance via drive-by attacks.
5 views•5 min read