LangChain-ChatChat — RCE via MCP STDIO Server Configuration (CVE-2026-30617) 2026-04-01 Security / AI CVEs
nginx-ui — MCPwn: Unauthenticated MCP Endpoint Leads to Full Server Takeover (CVE-2026-33032) 2026-04-01 Security / AI CVEs
OpenClaw Claude Bridge — Sandbox bypass allows arbitrary tool execution in spawned subprocesses (CVE-2026-39398) 2026-04-01 Security
PraisonAI — Four critical vulnerabilities expose multi-agent AI systems to sandbox escape, RCE, and data exfiltration 2026-04-01 Security
PraisonAI — execute_code() vulnerability allows arbitrary Python code execution in multi-agent systems 2026-04-01 Security
Unit 42 — Chrome Gemini Live panel hijack vulnerability enables camera/mic access 2026-04-01 Security