Dell BIOS Passwords: Weak XOR Encryption Allows Recovery from SPI Flash (CVE-2026-40639)
Updated:
Executive Summary
[object Object]
Analysis
Originally published by r/blueteamsec on Jul 11, 2026.
Related Threats
Australia warns of global campaign targeting vulnerable CMS platforms
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins. [...]
NVD CRITICAL: CVE-2026-61447 — PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAg...
PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment secrets and execute arbitrary code on the host system.
NVD CRITICAL: CVE-2026-61445 — PraisonAI before 4.6.78 contains arbitrary file write and command execution vuln...
PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem locations and execute arbitrary shell commands with root privileges.