Overview

  • JuneAndGreen
  • sm-crypto

22 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library prior to version 0.3.14. An attacker can derive a new valid signature for a previously signed message from an existing signature. Version 0.3.14 patches the issue.

Statistics

  • 2 Posts

Last activity: 5 hours ago

Fediverse

🟠 CVE-2026-23967 - High (7.5)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Pending

20 Jan 2026
Published
21 Jan 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) by sending a crafted DACP request to the server.

Statistics

  • 1 Post

Last activity: 17 hours ago

Fediverse

🟠 CVE-2025-63648 - High (7.5)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • lxsmnsyc
  • seroval

22 Jan 2026
Published
22 Jan 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to significantly increase processing time. This issue has been fixed in version 1.4.1.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

🟠 CVE-2026-23957 - High (7.5)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • nanbingxyz
  • 5ire

21 Jan 2026
Published
21 Jan 2026
Updated

CVSS v3.1
CRITICAL (9.7)
EPSS
Pending

KEV

Description

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs (such as Electron's electron.mcp) are exposed, resulting in full compromise of the host system. Version 0.15.3 patches the issue.

Statistics

  • 1 Post

Last activity: 11 hours ago

Fediverse

🔴 CVE-2026-22793 - Critical (9.6)

🔗 thehackerwire.com/vulnerabilit

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Overview

  • Chainlit
  • Chainlit

19 Jan 2026
Published
20 Jan 2026
Updated

CVSS v4.0
HIGH (8.3)
EPSS
0.04%

KEV

Description

Chainlit versions prior to 2.9.4 contain a server-side request forgery (SSRF) vulnerability in the /project/element update flow when configured with the SQLAlchemy data layer backend. An authenticated client can provide a user-controlled url value in an Element, which is fetched by the SQLAlchemy element creation logic using an outbound HTTP GET request. This allows an attacker to make arbitrary HTTP requests from the Chainlit server to internal network services or cloud metadata endpoints and store the retrieved responses via the configured storage provider.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Chainlit vulnerabilities expose sensitive information
securityweek.com/chainlit-vuln
Two high-severity security flaws (CVE-2026-22218 and CVE-2026-22219) were identified in the open-source Chainlit framework, which is used to build conversational AI applications. These vulnerabilities can allow attackers to read arbitrary files or make requests to internal services, posing significant risk to enterprise deployments.

Overview

  • Chainlit
  • Chainlit

19 Jan 2026
Published
21 Jan 2026
Updated

CVSS v4.0
HIGH (7.1)
EPSS
0.02%

KEV

Description

Chainlit versions prior to 2.9.4 contain an arbitrary file read vulnerability in the /project/element update flow. An authenticated client can send a custom Element with a user-controlled path value, causing the server to copy the referenced file into the attacker's session. The resulting element identifier (chainlitKey) can then be used to retrieve the file contents via /project/file/<chainlitKey>, allowing disclosure of any file readable by the Chainlit service.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Chainlit vulnerabilities expose sensitive information
securityweek.com/chainlit-vuln
Two high-severity security flaws (CVE-2026-22218 and CVE-2026-22219) were identified in the open-source Chainlit framework, which is used to build conversational AI applications. These vulnerabilities can allow attackers to read arbitrary files or make requests to internal services, posing significant risk to enterprise deployments.
