5.3

CVSS4.0

CVE-2026-6111 - FoundationAgents MetaGPT common.py decode_image server-side request forgery

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit …

📅 Published: April 12, 2026, 2:30 a.m. 🔄 Last Modified: April 13, 2026, 3:01 p.m.

6.1

CVSS3.1

CVE-2026-1116 - Cross-site Scripting (XSS) in parisneo/lollms

A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This a…

📅 Published: April 12, 2026, 2:22 a.m. 🔄 Last Modified: April 18, 2026, 9:45 a.m.

6.9

CVSS4.0

CVE-2026-6110 - FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is p…

📅 Published: April 12, 2026, 2 a.m. 🔄 Last Modified: April 13, 2026, 5:48 p.m.

5.3

CVSS4.0

CVE-2026-6109 - FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack m…

📅 Published: April 12, 2026, 1:30 a.m. 🔄 Last Modified: April 14, 2026, 4:33 p.m.

5.3

CVSS4.0

CVE-2026-6108 - 1Panel-dev MaxKB Model Context Protocol Node base_mcp_node.py execute os command injection

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is p…

📅 Published: April 12, 2026, 1 a.m. 🔄 Last Modified: April 14, 2026, 2 p.m.

5.1

CVSS4.0

CVE-2026-6107 - 1Panel-dev MaxKB ChatHeadersMiddleware chat_headers_middleware.py cross site scripting

A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the atta…

📅 Published: April 12, 2026, 12:45 a.m. 🔄 Last Modified: April 15, 2026, 3:16 p.m.

0.0

CVE-2026-31413 - bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR maybe_fork_scalars() is called for both BPF_AND and BPF_OR when the source operand is a constant. When dst has signed range [-1, 0], it forks the verifier state:…

📅 Published: April 12, 2026, midnight 🔄 Last Modified: April 13, 2026, 3:01 p.m.

5.1

CVSS4.0

CVE-2026-6106 - 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site script…

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting…

📅 Published: April 11, 2026, 10:15 p.m. 🔄 Last Modified: April 11, 2026, 11:16 p.m.

6.9

CVSS4.0

CVE-2026-6105 - perfree go-fastdfs-web doInstall InstallController.java improper authorization

A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiated …

📅 Published: April 11, 2026, 10 p.m. 🔄 Last Modified: April 13, 2026, 5:41 p.m.

9.3

CVSS4.0

CVE-2026-31845 - Reflected XSS in Rukovoditel CRM Zadarma API permits session hijacking

A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without proper sanitiz…

📅 Published: April 11, 2026, 6:26 p.m. 🔄 Last Modified: April 13, 2026, 5:44 p.m.
Total results: 345149