Skip to content

Menu
  • Home
Menu

CVE-2026-44383 – Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration

Posted on July 11, 2026

CVE ID :CVE-2026-44383 Published : July 10, 2026, 11:16 p.m. | 1 hour, 16 minutes ago Description :Multiple connections to the backend using the same charging station ID are allowed, which could allow an…

CVE-2026-42952 – Hydro-Québec Le Circuit Electrique charging station backend Improper Restriction of Excessive Authentication Attempts

Posted on July 11, 2026

CVE ID :CVE-2026-42952 Published : July 10, 2026, 11:16 p.m. | 1 hour, 16 minutes ago Description :Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow…

CVE-2026-20744 – Hydro-Québec Le Circuit Electrique charging station backend Improper Access Control

Posted on July 11, 2026

CVE ID :CVE-2026-20744 Published : July 10, 2026, 11:16 p.m. | 1 hour, 16 minutes ago Description :The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation. Severity:…

CVE-2026-14480 – OpenPLC v3 External Control of File Name or Path

Posted on July 11, 2026

CVE ID :CVE-2026-14480 Published : July 10, 2026, 11:16 p.m. | 1 hour, 16 minutes ago Description :OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy web UI program‑upload workflow….

CVE-2026-57584 – Phalcon: Catastrophic backtracking (ReDoS) in the default Phalcon Router route lead to remote unauthenticated DoS

Posted on July 11, 2026

CVE ID :CVE-2026-57584 Published : July 10, 2026, 10:16 p.m. | 2 hours, 16 minutes ago Description :Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a…

CVE-2026-55615 – Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879

Posted on July 10, 2026

CVE ID :CVE-2026-55615 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.5, Neo4jChatAgent passes LLM-generated Cypher queries straight…

CVE-2026-54771 – Langroid: handle_message() executes user-supplied tool JSON without sender verification

Posted on July 10, 2026

CVE ID :CVE-2026-54771 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat…

CVE-2026-54769 – Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Posted on July 10, 2026

CVE ID :CVE-2026-54769 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Versions prior to 0.65.2 are vulnerable to a critical Sandbox…

CVE-2026-54760 – Langroid: SQLChatAgent dangerous-function blocklist can be bypassed with quoted or schema-qualified pg_read_file calls

Posted on July 10, 2026

CVE ID :CVE-2026-54760 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the `SQLChatAgent` SQL-injection mitigation, with default…

CVE-2026-50180 – Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Posted on July 10, 2026

CVE ID :CVE-2026-50180 Published : July 10, 2026, 12:16 a.m. | 16 minutes ago Description :Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, `SQLChatAgent` in `langroid` ships a `_validate_query`…

Posts pagination

1 2 … 109 Next

Site map

  • About Us
  • Privacy Policy
  • Terms & Conditions of Use
©2026 | Design: Newspaperly WordPress Theme