Lucene search
K

19989 matches found

Nuclei
Nuclei
added 15 hours ago35 views

F-logic DataCube3 - SQL Injection

SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the reqid parameter. id: CVE-2024-31750 info: name: F-logic DataCube3 - SQL Injection author: DhiyaneshDK severity: high description: | SQL injection vulnerability in f-logic...

9.8CVSS6.1AI score0.1942EPSS
Exploits1References5
CVE
CVE
added 5 days ago12 views

CVE-2026-61444

PRAISONAi before 4.6.78 has a code‑injection vulnerability in deploy/api.py: the agents_file parameter is interpolated into an f-string without sanitization, allowing arbitrary Python code execution when the generated server code runs via subprocess.Popen(). Affected: PraisonAI

9.4CVSS6.2AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-61444 PraisonAI before 4.6.78 Code Injection via f-string

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS0.00392EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

CVE-2026-61444 PraisonAI before 4.6.78 Code Injection via f-string

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS6.2AI score0.00392EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57196

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.78 Description A code injection issue exists in the deploy/api.py file. The agents file parameter is directly interpolated into an f-string without proper sanitization. This interpolated string is used to genera...

9.4CVSS6.3AI score0.00392EPSS
Exploits0References8
OSV
OSV
added 2026/07/03 1:33 p.m.3 views

MINI-4VX8-FJ5F-22XF

Bulletin has no description...

8.7CVSS5.9AI score0.00656EPSS
Exploits0
Chainguard
Chainguard
added 2026/07/01 2:16 p.m.13 views

GHSA-3PP7-M8F5-89GX vulnerabilities

Vulnerabilities for packages: firefox-esr, firefox...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-319 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

9.8CVSS6.6AI score0.0045EPSS
Exploits2References7
F5 Networks
F5 Networks
added 2026/06/26 6:39 a.m.10 views

K000161920: Node.js vulnerability CVE-2026-48619

Security Advisory Description A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26. CVE-2026-48619 Impa...

7.5CVSS6.3AI score0.00656EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53188

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the passed in fops for ibgetucaps Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds a block device with the same devt it can masquerade as a ucap cdev fd...

5.8AI score0.00136EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/23 11:17 p.m.6 views

MINI-RV7F-52HP-67MM

Bulletin has no description...

6.5CVSS5.7AI score0.00196EPSS
Exploits0
NVD
NVD
added 2026/06/19 3:16 a.m.13 views

CVE-2026-8806

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS0.00367EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:31 a.m.15 views

EUVD-2026-37975

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS5.4AI score0.00367EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:31 a.m.10 views

CVE-2026-8806

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS5.3AI score0.00367EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 2:31 a.m.31 views

CVE-2026-8806

The CVE-2026-8806 entry concerns Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (FX5-ENET/IP), with all versions affected. The vulnerability is described as an Expected Behavior Violation that could allow a remote attacker to cause a DoS by flooding the Ethernet port with a hi...

8.7CVSS5.3AI score0.00367EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 2:26 a.m.36 views

CVE-2026-8805 Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a larg...

8.7CVSS0.00379EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 2:26 a.m.24 views

CVE-2026-8805

CVE-2026-8805 affects the MELSEC iQ-F Series EtherNet/IP module FX5-EIP (versions 1.000 and prior). The bug is an integer overflow/wraparound in the EtherNet/IP function that can be triggered remotely by rapidly opening many TCP connections, causing a DoS through an inconsistency in internal conn...

8.7CVSS5.3AI score0.00379EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 12:34 a.m.2 views

CVE-2026-45329 ESF-IDF: Out-of-Bounds Read in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48552

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp action handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References3
OSV
OSV
added 2026/06/07 7:24 p.m.8 views

MINI-5Q5F-625V-G6M2

Bulletin has no description...

9.1CVSS5.2AI score0.00487EPSS
Exploits0
Rows per page
Query Builder