7.1

CVSS3.1

CVE-2026-29643 - Improper Exception Handling in XiangShan CSR Subsystem Allows Local Denial of Service

XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR …

📅 Published: April 20, 2026, midnight 🔄 Last Modified: April 22, 2026, 6 a.m.

9.9

CVSS3.1

CVE-2026-30269 - Doorman Improper Access Control Allows Privilege Escalation

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for self-updates, enabling privi…

📅 Published: April 20, 2026, midnight 🔄 Last Modified: April 22, 2026, 3:45 a.m.

8.2

CVSS3.1

CVE-2026-39110 - Unauthenticated SQL Injection in Forgot Password Page of Apartment Visitors Management System

SQL Injection vulnerability in Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve se…

📅 Published: April 20, 2026, midnight 🔄 Last Modified: April 20, 2026, 8:45 p.m.

4.3

CVSS3.1

CVE-2026-41285 - Infinite Loop in OpenBSD SLAACD and RAD Daemons Due to Zero-Length ICMPv6 ND Option

In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is zero.

📅 Published: April 20, 2026, midnight 🔄 Last Modified: April 24, 2026, 6:59 p.m.

7.5

CVSS3.1

CVE-2026-29645 -

NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted …

📅 Published: April 20, 2026, midnight 🔄 Last Modified: April 24, 2026, 7:25 p.m.

5.3

CVSS4.0

CVE-2026-6586 - TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. T…

📅 Published: April 19, 2026, 11:45 p.m. 🔄 Last Modified: April 22, 2026, 8:22 p.m.

5.3

CVSS4.0

CVE-2026-6585 - TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisation author…

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypa…

📅 Published: April 19, 2026, 11:30 p.m. 🔄 Last Modified: April 22, 2026, 8:22 p.m.

5.3

CVSS4.0

CVE-2026-6584 - TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be perf…

📅 Published: April 19, 2026, 11:15 p.m. 🔄 Last Modified: April 22, 2026, 8:22 p.m.

5.3

CVSS4.0

CVE-2026-6583 - TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be ca…

📅 Published: April 19, 2026, 11 p.m. 🔄 Last Modified: April 22, 2026, 8:22 p.m.

6.9

CVSS4.0

CVE-2026-6582 - TransformerOptimus SuperAGI Vector Database Management Endpoint vector_dbs.py get_vector_db_details…

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attac…

📅 Published: April 19, 2026, 10:45 p.m. 🔄 Last Modified: April 22, 2026, 8:22 p.m.