Topics
Browse posts by category and tag — every topic we cover, with the latest pieces under each.
Tags
- #cve 4
- #active-exploitation 1
- #attribution 1
- #cisa-kev 1
- #cms 1
- #cryptography 1
- #deserialization 1
- #gandcrab 1
- #huggingface 1
- #image-collision 1
- #langchain-chatchat 1
- #law-enforcement 1
- #linux-kernel 1
- #llm-serving 1
- #local-privilege-escalation 1
- #md5 1
- #meta 1
- #php 1
- #ransomware 1
- #remote-code-execution 1
- #revil 1
- #sglang 1
- #supply-chain 1
- #threat-intel 1
- #vision-llm 1
- #weak-hash 1
Categories
cve 4 posts
- CVE-2026-7845: Hash collision in Langchain-Chatchat lets attackers swap pasted images
  A weak-hash flaw in Langchain-Chatchat up to 0.3.1.3 lets an adjacent attacker overwrite pasted images by colliding MD5 hashes computed from PIL.Image.tobytes. No vendor patch has shipped.
- MetInfo CMS CVE-2026-29014 Exploited in the Wild for Remote Code Execution
  A critical unauthenticated PHP code injection flaw in MetInfo CMS 7.9–8.1 (CVSS 9.8) is under active exploitation. Patch to the April 7 release immediately.
- CVE-2026-7669: Deserialization flaw in SGLang's HuggingFace tokenizer loader
  A medium-severity deserialization bug in SGLang's get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure, and no fixed version is listed.
- CISA Adds Actively Exploited Linux Kernel LPE CVE-2026-31431 to KEV
  A local privilege escalation flaw in the Linux kernel's AEAD crypto interface has been added to CISA's KEV catalog after active exploitation. Federal patch deadline is May 15, 2026.