CVSS 3.1 score: 4.6

CVE-2026-42086 - OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on array-like command parameters, which allows a user-supplied payload to execute in the browser when …

Published: May 4, 2026, 5:15 p.m. | Last Modified: May 4, 2026, 8:16 p.m.

CVSS 3.1 score: 4.3

CVE-2026-42085 - OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations …

Published: May 4, 2026, 5:13 p.m. | Last Modified: May 4, 2026, 7 p.m.

CVSS 3.1 score: 8.1

CVE-2026-42084 - OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid se…

Published: May 4, 2026, 5:11 p.m. | Last Modified: May 6, 2026, 1:39 p.m.

CVSS 4.0 score: 6

CVE-2026-42052 - beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered output is then ins…

Published: May 4, 2026, 5:06 p.m. | Last Modified: May 5, 2026, 1:07 p.m.

CVSS 3.1 score: 4.6

CVE-2026-42080 - PPTAgent: Arbitrary File Write via `save_generated_slides`

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched via commit 418491a.

Published: May 4, 2026, 4:58 p.m. | Last Modified: May 5, 2026, 12:47 p.m.

CVSS 3.1 score: 8.6

CVE-2026-42079 - PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

Published: May 4, 2026, 4:57 p.m. | Last Modified: May 4, 2026, 8:16 p.m.

CVSS 3.1 score: 9.1

CVE-2026-40682 - Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntryPersistor

XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURE_SECURE_PROCE…

Published: May 4, 2026, 4:55 p.m. | Last Modified: May 6, 2026, 6 p.m.

CVSS 3.1 score: 4.6

CVE-2026-42078 - PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a.

Published: May 4, 2026, 4:55 p.m. | Last Modified: May 4, 2026, 8 p.m.

CVSS 3.1 score: 5.2

CVE-2026-42077 - Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists i…

Published: May 4, 2026, 4:50 p.m. | Last Modified: May 6, 2026, 3:16 p.m.

CVSS 3.1 score: 9.8

CVE-2026-42076 - Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it t…

Published: May 4, 2026, 4:48 p.m. | Last Modified: May 5, 2026, 1:06 p.m.

Total results: 349182