41 vulnerabilities across 15 products scored HIGH or above on May 29, 2026.
- CRITICAL: 18
- HIGH: 23
[CRITICAL] infiniflow/ragflow
1 CVE | CVSS 9.9 | AAS 12.7
RAGFlow versions 0.24.0 and earlier contain a critical Jinja2 template injection vulnerability (CVE-2026-45312, CVSS 9.9) in the prompt generator that allows authenticated users to execute arbitrary OS commands on the affected server. Any user with the ability to register an account can create a Canvas workflow with a DuckDuckGo and LLM component chain to trigger the vulnerability. Organizations using RAGFlow should upgrade immediately and consult the vendor advisory at https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6 for patching and mitigation details.
- CVE-2026-45312 (CVSS 9.9)
[CRITICAL] sillytavern/sillytavern
5 CVEs | CVSS 9.8 | AAS 12.1
SillyTavern versions prior to 1.18.0 contain multiple critical vulnerabilities (CVSS 9.8), including a server-side request forgery flaw in the /api/search/searxng endpoint that allows authenticated users to force the server to fetch from internal or loopback services and receive the responses. Any authenticated low-privilege user can exploit this vulnerability by providing a malicious baseUrl parameter. Organizations running SillyTavern should upgrade to version 1.18.0 or later and review the vendor advisory at https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-qg89-qwwh-5f3j for patching and mitigation guidance.
- CVE-2026-46372 (CVSS 8.5)
- CVE-2026-44649 (CVSS 9.8)
- CVE-2026-44650 (CVSS 9.1)
- CVE-2026-44651 (CVSS 6.9)
- CVE-2026-44652 (CVSS 6.9)
[CRITICAL] dokploy/dokploy
9 CVEs | CVSS 10.0 | AAS 11.8
Dokploy versions 0.26.6 and earlier contain multiple critical vulnerabilities (CVSS 10.0), including a command injection flaw in the /docker-container-logs WebSocket endpoint where unvalidated tail and since parameters are directly concatenated into shell commands, allowing authenticated users to execute arbitrary commands with root privileges. Any authenticated user can exploit this vulnerability to fully compromise the Dokploy installation. Organizations running Dokploy should upgrade immediately and review the vendor advisory at https://github.com/Dokploy/dokploy/security/advisories/GHSA-wmqj-wr9q-327p for patching and mitigation guidance.
- CVE-2026-45633 (CVSS 9.9)
- CVE-2026-45629 (CVSS 9.9)
- CVE-2026-45663 (CVSS 9.9)
- CVE-2026-45661 (CVSS 9.9)
- CVE-2026-45630 (CVSS 9.0)
- CVE-2026-45662 (CVSS 8.8)
- CVE-2026-45631 (CVSS 10.0)
- CVE-2026-45632 (CVSS 9.9)
- CVE-2026-45628 (CVSS 9.6)
[CRITICAL] triliumnext/trilium
1 CVE | CVSS 9.3 | AAS 11.0
Trilium Notes prior to version 0.102.2 contains a critical remote code execution vulnerability (CVE-2026-45668, CVSS 9.3) where importing a malicious ZIP archive with safe import enabled allows attackers to execute arbitrary code on the affected system. The vulnerability exploits #docName path traversal in combination with code notes containing raw HTML and JavaScript to achieve RCE. Organizations using Trilium Notes should upgrade to version 0.102.2 or later and consult the vendor advisory at https://github.com/TriliumNext/Trilium/security/advisories/GHSA-9jjc-cccq-f6rh for patching and mitigation details.
- CVE-2026-45668 (CVSS 9.3)
[CRITICAL] agno-agi/agno
1 CVE | CVSS 8.7 | AAS 10.3
agno version 2.6.5 contains a critical SQL injection vulnerability (CVE-2026-10105, CVSS 8.7) in the ClickHouse vector database backend’s delete_by_metadata() method, where unsafe f-string interpolation allows attackers to inject arbitrary SQL expressions through malicious metadata keys and values. Attackers can exploit this to delete all rows, target specific rows, or extract information through error-based or blind SQL injection techniques. Organizations using agno should upgrade immediately and review the vendor advisory at https://github.com/agno-agi/agno/issues/7866 for patching and mitigation details.
- CVE-2026-10105 (CVSS 8.7)
[CRITICAL] home-assistant/core
1 CVE | CVSS 8.3 | AAS 10.3
Home Assistant Companion apps for iOS prior to 2026.4.1 and Android prior to 2026.4.4 contain a critical vulnerability (CVE-2026-44698, CVSS 8.3) where the JavaScript bridge exposed to the in-app WebView is accessible to all frames including cross-origin iframes, combined with unsanitized JavaScript interpolation. An attacker can exploit this through a malicious webpage or cross-origin iframe to compromise the Home Assistant installation and access sensitive data or controls. Organizations and users deploying Home Assistant Companion apps should upgrade immediately and review the vendor advisory at https://github.com/home-assistant/core/security/advisories/GHSA-7jp2-p2fw-mgvf for patching guidance.
- CVE-2026-44698 (CVSS 8.3)
[HIGH] acer/predator_connect_w6x
5 CVEs | CVSS 10.0 | AAS 9.9
The Acer Predator Connect W6X contains multiple vulnerabilities (CVSS 10.0) in web endpoints intended for the Acer Connect app, where improper validation of the HTTP Authorization header allows requests to succeed when Base64 decoding fails, potentially bypassing authentication. An attacker can exploit this authentication bypass to access sensitive functionality without valid credentials. Organizations and users with Acer Predator Connect W6X devices should review the vendor advisory at https://community.acer.com/en/kb/articles/19672 for available patches and mitigation guidance.
- CVE-2026-49197 (CVSS 10.0)
- CVE-2026-49199 (CVSS 10.0)
- CVE-2026-49195 (CVSS 8.7)
- CVE-2026-49196 (CVSS 8.6)
- CVE-2026-49198 (CVSS 8.3)
[HIGH] remote_spark_(https://www.remotespark.com/)/sparkview
1 CVE | CVSS 10.0 | AAS 9.9
Remote Spark SparkView prior to build 1127 contains a critical path traversal vulnerability (CVE-2026-8326, CVSS 10.0) in the RDP drive redirection component that allows attackers to read and write arbitrary files in all directories with root privileges, leading to remote code execution. Depending on the deployment, an unauthenticated attacker with network access can exploit this vulnerability to fully compromise the affected system. Organizations using Remote Spark SparkView should upgrade to build 1127 or later immediately and review the vendor advisory at https://www.remotespark.com/view/new.html for patching and mitigation guidance.
- CVE-2026-8326 (CVSS 10.0)
[HIGH] npm/vm2
6 CVEs | CVSS 10.0 | AAS 9.9
The npm package vm2 contains multiple critical sandbox breakout vulnerabilities (CVSS 10.0) that allow attackers to escape the VM2 sandbox and execute arbitrary commands on the host system. The vulnerabilities stem from improper validation in the localPromise constructor, which fails to properly reset promise species, allowing custom promises to bypass sandbox restrictions. Organizations using vm2 should upgrade to a patched version immediately or discontinue use, and review the vendor advisory at https://github.com/advisories/GHSA-76w7-j9cq-rx2j for mitigation and remediation guidance.
- CVE-2026-47208 (CVSS 10.0)
- CVE-2026-47137 (CVSS 10.0)
- CVE-2026-47140 (CVSS 10.0)
- CVE-2026-47210 (CVSS 9.8)
- CVE-2026-47139 (CVSS 8.6)
- CVE-2026-47131 (CVSS 10.0)
[HIGH] hkuds/deepcode
1 CVE | CVSS 8.7 | AAS 9.9
DeepCode through commit c991dc2 contains a path traversal vulnerability (CVE-2026-32847, CVSS 8.7) in the SPA catch-all route that allows unauthenticated attackers to read arbitrary files by bypassing Starlette’s path normalization through percent-encoded segments, exposing sensitive files such as SSH private keys and TLS certificates. An attacker can traverse outside the FRONTEND_DIST directory by encoding path traversal characters in requests to the GET /{full_path:path} endpoint. Organizations using DeepCode should update to a patched version immediately and review the vendor advisory at https://github.com/HKUDS/DeepCode/issues/126 for mitigation guidance.
- CVE-2026-32847 (CVSS 8.7)
[HIGH] webpros/plesk
1 CVE | CVSS 9.9 | AAS 9.8
Plesk contains an XPath injection vulnerability (CVE-2026-44962, CVSS 9.9) in the APS Application Catalog search functionality where user-supplied input is interpolated into XPath queries without proper sanitization, allowing authenticated low-privileged users to execute arbitrary operating system commands and achieve local privilege escalation. This vulnerability poses a significant risk to multi-tenant Plesk installations where low-privileged users have access to the APS Catalog. Organizations using Plesk should upgrade to a patched version immediately and review the vendor advisory at https://support.plesk.com/hc/en-us/articles/38633651286679-Vulnerability-CVE-2026-44962-in-Plesk-s-APS-Catalog for patching and mitigation details.
- CVE-2026-44962 (CVSS 9.9)
[HIGH] shopperlabs/shopper
2 CVEs | CVSS 9.9 | AAS 9.8
Shopper prior to version 2.8.0 contains multiple critical authorization vulnerabilities (CVSS 9.9) in the team settings that allow any authenticated panel user to take over the role-based access control system. Two distinct flaws in the Settings/Team/Index and Settings/Team/RolePermission endpoints permit authenticated users to create new administrative roles, delete other users including administrators, and escalate their own privileges. Organizations using Shopper should upgrade to version 2.8.0 or later immediately and review the vendor advisory at https://github.com/shopperlabs/shopper/security/advisories/GHSA-c3qp-2ggw-xjg7 for patching and remediation guidance.
- CVE-2026-47744 (CVSS 9.9)
- CVE-2026-47740 (CVSS 8.1)
[HIGH] pip/praisonaiagents
1 CVE | CVSS 9.9 | AAS 9.8
PraisonAIAgents v1.6.37 contains a critical sandbox bypass vulnerability (CVE-2026-47392, CVSS 9.9) in the execute_code() function that allows attackers to access Python’s builtin modules and achieve arbitrary OS command execution on the host, completely defeating the subprocess sandbox. This novel bypass survives patches for previous related vulnerabilities and can be exploited by any user with access to the code execution function. Organizations using PraisonAIAgents should upgrade immediately to a patched version and review the vendor advisory at https://github.com/advisories/GHSA-4mr5-g6f9-cfrh for remediation guidance.
- CVE-2026-47392 (CVSS 9.9)
[HIGH] usagi-org/ai-goofish-monitor
1 CVE | CVSS 8.2 | AAS 9.8
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability (CVE-2026-10044, CVSS 8.2) in the GET /api/prompts/(unknown) endpoint on Windows deployments that allows remote attackers to bypass incomplete path traversal protection by supplying absolute Windows paths or backslash-based traversal sequences, enabling access to sensitive system files. The flaw stems from incomplete path validation that only blocks forward slashes and ‘..’ sequences, while os.path.join discards the intended base directory when given an absolute path. Organizations running ai-goofish-monitor on Windows should upgrade immediately and review the vendor advisory at https://github.com/Usagi-org/ai-goofish-monitor/commit/f85d140b6b45029d9a0925feb96dad733b41396d for patching and mitigation guidance.
- CVE-2026-10044 (CVSS 8.2)
[HIGH] pip/praisonai
5 CVEs | CVSS 9.8 | AAS 9.7
PraisonAI contains multiple critical vulnerabilities (CVSS 9.8) in its code generator, which emits Flask API servers with authentication disabled by default, allowing unauthenticated attackers to access the /chat and /agents endpoints and interact with the LLM orchestration layer with exposed API keys. Users following the documented quickstart deploy servers that bind to 0.0.0.0 and pass user-supplied JSON input directly to the praisonai.run() function, enabling arbitrary AI agent execution and potential remote code execution. Organizations using PraisonAI should immediately disable or restrict network access to deployed API servers, upgrade to a patched version, and review the vendor advisory at https://github.com/advisories/GHSA-8444-4fhq-fxpq for remediation guidance.
- CVE-2026-47393 (CVSS 9.8)
- CVE-2026-47391 (CVSS 9.8)
- CVE-2026-47396 (CVSS 9.8)
- CVE-2026-47397 (CVSS 8.0)
- CVE-2026-47398 (CVSS 8.1)