Lucene search
K

602437 matches found

Cvelist
Cvelist
added 44 minutes ago2 views

CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS
Exploits0References2
CVE
CVE
added 44 minutes ago2 views

CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 44 minutes ago2 views

CVE-2026-61428 PraisonAI AgentMail before 4.6.78 Message Injection via Webhook

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS
Exploits0References2
CVE
CVE
added 44 minutes ago2 views

CVE-2026-61428 PraisonAI AgentMail before 4.6.78 Message Injection via Webhook

PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing unauthenticated attackers to inject messages with spoofed sender addresses. Attackers can POST crafted message.received events to the webhook endpoint to inject arbitrary content into the agent and...

7.3CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 44 minutes ago2 views

CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS
Exploits0References2
CVE
CVE
added 44 minutes ago2 views

CVE-2026-56763 Hono - Prototype Pollution via __proto__ Key in parseBody with dot Option

Hono before 4.12.7 allows proto key in parseBody with dot option enabled, permitting specially crafted form field names to create objects with proto properties. When parsed results are merged into regular JavaScript objects using unsafe merge patterns, attackers can exploit this to achieve...

6.3CVSS6.1AI score
Exploits0References2
GithubExploit
GithubExploit
added 47 minutes ago2 views

tetragon-lab

How it works This poc use copyfail exploit to overwrite page-...

7.8CVSS7AI score0.96267EPSS
Exploits230
GithubExploit
GithubExploit
added 2 hours ago8 views

Exploit for Unrestricted Upload of File with Dangerous Type in Balbooa Forms

CVE-2026-56291 — Balbooa Forms Joomla Mass RCE Exploit Pre-Auth...

10CVSS6.2AI score0.00278EPSS
Exploits2
NVD
NVD
added 6 hours ago5 views

CVE-2026-10865

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS
Exploits0References10
GithubExploit
GithubExploit
added 7 hours ago17 views

Exploit for CVE-2024-13985

CVE-2024-13985 — Dahua EIMS capturehandle.action Remote Cod...

10CVSS6.5AI score0.07713EPSS
Exploits1
GithubExploit
GithubExploit
added 7 hours ago18 views

Exploit for CVE-2026-29114

CVE-2026-29114 — Dahua Exposed Device CA Root Certificate !...

8.7CVSS7AI score0.00395EPSS
Exploits3
GithubExploit
GithubExploit
added 7 hours ago14 views

Exploit for CVE-2026-29115

CVE-2026-29115 — Dahua Authenticated Remote Denial of Service...

8.7CVSS7.3AI score0.00395EPSS
Exploits3
GithubExploit
GithubExploit
added 7 hours ago17 views

Exploit for CVE-2026-29116

CVE-2026-29116 — Dahua Unauthenticated Remote Denial of Servic...

8.7CVSS6.9AI score0.00395EPSS
Exploits3
Cvelist
Cvelist
added 8 hours ago7 views

CVE-2026-10865 Cost Calculator Builder <= 4.0.11 - Unauthenticated Sensitive Information Exposure of Payment Gateway Secret Keys

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS
Exploits0References10
CVE
CVE
added 8 hours ago11 views

CVE-2026-10865

CVE-2026-10865 affects the Cost Calculator Builder plugin for WordPress. The vulnerability exists in all versions up to 4.0.11 and arises from exposure in the template body, allowing unauthenticated attackers to read plaintext payment gateway secrets (Stripe secret key, Razorpay secret key, and P...

5.3CVSS6.1AI score
Exploits0References10
EUVD
EUVD
added 8 hours ago7 views

EUVD-2026-43152

The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.11 via the template body. This makes it possible for unauthenticated attackers to extract the plaintext Stripe secret key, Razorpay secret key, and PayPal...

5.3CVSS6.1AI score
Exploits0References10
NVD
NVD
added 9 hours ago4 views

CVE-2026-5743

The SimpLy Gallery Block & Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block attributes in all versions up to, and including, 3.3.3.2. This is due to insufficient input sanitization and output escaping on the sliderMaxHeight block attribute in the...

6.4CVSS
Exploits0References10
NVD
NVD
added 9 hours ago4 views

CVE-2026-10628

The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.10.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS
Exploits0References12
Nuclei
Nuclei
added 10 hours ago20 views

Vite Dev Server - Directory Traversal

Vite is a modern frontend build tool. In Vite prior to versions 6.4.3, 6.3.4, and 5.4.23, a directory traversal vulnerability affects the Vite development server. When the Vite dev server is launched with the --host or server.host option, an unauthenticated attacker can craft a request with a pat...

8.2CVSS6.1AI score0.02095EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago73 views

Vite Dev Server - Information Exposure

Vite is a frontend tooling framework for JavaScript. Before versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network using...

6CVSS6.2AI score0.01077EPSS
Exploits1References2
Rows per page
Query Builder