Tag

#cve

4 posts tagged cve.

cve

CVE-2026-7845: Hash collision in Langchain-Chatchat lets attackers swap pasted images

A weak-hash flaw in Langchain-Chatchat up to 0.3.1.3 lets an adjacent attacker overwrite pasted images by colliding MD5 hashes computed from PIL.Image.tobytes. No vendor patch has shipped.
May 6, 2026
cve

MetInfo CMS CVE-2026-29014 Exploited in the Wild for Remote Code Execution

A critical unauthenticated PHP code injection flaw in MetInfo CMS 7.9–8.1 (CVSS 9.8) is under active exploitation. Patch to the April 7 release immediately.
May 5, 2026
cve

CVE-2026-7669: Deserialization flaw in SGLang's HuggingFace tokenizer loader

A medium-severity deserialization bug in SGLang's get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure, and no fixed version is listed.
May 3, 2026
cve

CISA Adds Actively Exploited Linux Kernel LPE CVE-2026-31431 to KEV

A local privilege escalation flaw in the Linux kernel's AEAD crypto interface has been added to CISA's KEV catalog after active exploitation. Federal patch deadline is May 15, 2026.
May 3, 2026