CVE ID :CVE-2026-55615 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight…
CVE-2026-54771 – Langroid: handle_message() executes user-supplied tool JSON without sender verification
CVE ID :CVE-2026-54771 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat…
CVE-2026-54769 – Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
CVE ID :CVE-2026-54769 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox…
CVE-2026-54760 – Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls
CVE ID :CVE-2026-54760 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default…
CVE-2026-50180 – Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read
CVE ID :CVE-2026-50180 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, `SQLChatAgent` in `langroid` ships a `_validate_query`…
CVE-2026-47646 – Dynamics 365 Customer Voice Spoofing Vulnerability
CVE ID :CVE-2026-47646 Published : July 9, 2026, 12:17 a.m. | 1 hour, 42 minutes ago Description :Improper neutralization of input during web page generation (‘cross-site scripting’) in Dynamics 365 Customer Voice allows an…
CVE-2026-59723 – Cline: Cross-Origin WebSocket Hijacking in Cline Hub Dashboard (`/browser` endpoint)
CVE ID :CVE-2026-59723 Published : July 8, 2026, 11:16 p.m. | 2 hours, 42 minutes ago Description :Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30,…
CVE-2026-54782 – CoreWCF: Authentication bypass in CoreWCF SAML 1.1 / 2.0 token signature validation
CVE ID :CVE-2026-54782 Published : July 8, 2026, 11:16 p.m. | 2 hours, 42 minutes ago Description :CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Prior…
CVE-2026-55849 – @cyclonedx/cyclonedx-npm: Shell Injection via Unsanitized `–workspace` Argument
CVE ID :CVE-2026-55849 Published : July 8, 2026, 10:17 p.m. | 57 minutes ago Description :@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2.1.0 before 5.0.0, the CLI passes user-supplied…
CVE-2026-55830 – RestrictedPython guard hooks can be shadowed via positional-only arguments
CVE ID :CVE-2026-55830 Published : July 8, 2026, 10:17 p.m. | 57 minutes ago Description :RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide…