Vulnerabilities

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass table_prefix straight into f-string SQL. Same root cause, same code pattern, same exploitation. 52 unvalidated injection points across the codebase. postgres.py additionally accepts an unvalidated schema parameter used directly in DDL. This issue has been patched in praisonai version 4.6.9 and praisonaiagents version 1.6.9.

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. This issue has been patched in version 0.9.42.

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before 1.17.5, a vulnerability has been found in Dapr that allows bypassing access control policies for service invocation using reserved URL characters and path traversal sequences in method paths. The ACL normalized the method path independently from the dispatch layer, so the ACL evaluated one path while the target application received a different one. This issue has been patched in versions 1.15.14, 1.16.14, and 1.17.5.

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8, a Server-Side Request Forgery (SSRF) vulnerability exists in @angular/platform-server due to improper handling of URLs during Server-Side Rendering (SSR). When an attacker sends a request such as GET /\evil.com/ HTTP/1.1 the server engine (Express, etc.) passes the URL string to Angular’s rendering functions. Because the URL parser normalizes the backslash to a forward slash for HTTP/HTTPS schemes, the internal state of the application is hijacked to believe the current origin is evil.com. This misinterpretation tricks the application into treating the attacker’s domain as the local origin. Consequently, any relative HttpClient requests or PlatformLocation.hostname references are redirected to the attacker controlled server, potentially exposing internal APIs or metadata services. This issue has been patched in versions 19.2.21, 20.3.19, 21.2.9, and 22.0.0-next.8.

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by measuring the application's response time. This issue has been patched in version 2.2.0.

The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy Script execution in the service prior to submitting the query. The missing Restricted annotation allows users without the Execute Code Permission to configure the Service in installations that use fine-grained authorization and have the optional TinkerpopClientService installed. Apache NiFi installations that do not have the nifi-other-graph-services-nar installed are not subject to this vulnerability. Upgrading to Apache NiFi 2.9.0 is the recommended mitigation.

Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/panthor: fix for dma-fence safe access rules<br /> <br /> Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document<br /> the rules") details the dma-fence safe access rules. The most common<br /> culprit is that drm_sched_fence_get_timeline_name may race with<br /> group_free_queue.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/tests: shmem: Hold reservation lock around vmap/vunmap<br /> <br /> Acquire and release the GEM object&amp;#39;s reservation lock around vmap and<br /> vunmap operations. The tests use vmap_locked, which led to errors such<br /> as show below.<br /> <br /> [ 122.292030] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:390 drm_gem_shmem_vmap_locked+0x3a3/0x6f0<br /> <br /> [ 122.468066] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:293 drm_gem_shmem_pin_locked+0x1fe/0x350<br /> <br /> [ 122.563504] WARNING: CPU: 3 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:234 drm_gem_shmem_get_pages_locked+0x23c/0x370<br /> <br /> [ 122.662248] WARNING: CPU: 2 PID: 1413 at drivers/gpu/drm/drm_gem_shmem_helper.c:452 drm_gem_shmem_vunmap_locked+0x101/0x330<br /> <br /> Only export the new vmap/vunmap helpers for Kunit tests. These are<br /> not interfaces for regular drivers.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"<br /> <br /> This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe.<br /> <br /> OP-TEE logic in U-Boot automatically injects a reserved-memory<br /> node along with optee firmware node to kernel device tree.<br /> The injection logic is dependent on that there is no manually<br /> defined optee node. Having the node in zynqmp.dtsi effectively<br /> breaks OP-TEE&amp;#39;s insertion of the reserved-memory node, causing<br /> memory access violations during runtime.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing<br /> <br /> The recent refactoring of where runtime PM is enabled done in commit<br /> f1eb4e792bb1 ("spi: spi-cadence-quadspi: Enable pm runtime earlier to<br /> avoid imbalance") made the fact that when we do a pm_runtime_disable()<br /> in the error paths of probe() we can trigger a runtime disable which in<br /> turn results in duplicate clock disables. This is particularly likely<br /> to happen when there is missing or broken DT description for the flashes<br /> attached to the controller.<br /> <br /> Early on in the probe function we do a pm_runtime_get_noresume() since<br /> the probe function leaves the device in a powered up state but in the<br /> error path we can&amp;#39;t assume that PM is enabled so we also manually<br /> disable everything, including clocks. This means that when runtime PM is<br /> active both it and the probe function release the same reference to the<br /> main clock for the IP, triggering warnings from the clock subsystem:<br /> <br /> [ 8.693719] clk:75:7 already disabled<br /> [ 8.693791] WARNING: CPU: 1 PID: 185 at /usr/src/kernel/drivers/clk/clk.c:1188 clk_core_disable+0xa0/0xb<br /> ...<br /> [ 8.694261] clk_core_disable+0xa0/0xb4 (P)<br /> [ 8.694272] clk_disable+0x38/0x60<br /> [ 8.694283] cqspi_probe+0x7c8/0xc5c [spi_cadence_quadspi]<br /> [ 8.694309] platform_probe+0x5c/0xa4<br /> <br /> Dealing with this issue properly is complicated by the fact that we<br /> don&amp;#39;t know if runtime PM is active so can&amp;#39;t tell if it will disable the<br /> clocks or not. We can, however, sidestep the issue for the flash<br /> descriptions by moving their parsing to when we parse the controller<br /> properties which also save us doing a bunch of setup which can never be<br /> used so let&amp;#39;s do that.