
9907 matches found

Circl
added 2026/04/09 9:01 p.m., 2 views

CVE-2026-29146

creationtimestamp | type | source
---|---|---
2026-04-09 21:01:14+00:00 | seen | https://bsky.app/profile/euvd-bot.bsky.social/post/3mj3pckzmjc2j
2026-04-09 22:48:44+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mj3vcs73fa25
2026-04-09 23:23:44+00:00 | seen | ...

7.5 CVSS, 7.4 AI score, 0.03645 EPSS
Exploits: 1, References: 6
hivepro
added 2026/04/09 3:39 a.m., 3 views

Threat and Vulnerability Management: Building a Unified Program

Most security teams run threat intelligence and vulnerability management as separate operations. Threat analysts track adversary campaigns and emerging exploits. Vulnerability teams run scans, generate reports, and chase patches. The two groups rarely share a workflow, a priority list, or even a...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/04/09 12:00 a.m., 1 views

RansomTrack: A Hybrid Behavioral Analysis Framework for Ransomware Detection

Ransomware poses a serious and fast-acting threat to critical systems, often encrypting files within seconds of execution. Research indicates that ransomware is the most reported cybercrime in terms of financial damage, highlighting the urgent need for early-stage detection before encryption is...

5.7 AI score
Exploits: 0
NVD
added 2026/04/08 9:17 p.m., 3 views

CVE-2026-39889

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5 CVSS, 0.00425 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/04/08 8:44 p.m., 16 views

CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5 CVSS, 0.00425 EPSS
Exploits: 0, References: 1
OSV
added 2026/04/08 8:22 p.m., 5 views

MAL-2026-2517 Malicious code in kraken-trader (PyPI)

Source: kam193 4bf5ec6e8a6020de1e122cf07f2dde0f02fa1a484ff984586db379729da75523
The package is a loader of malicious code disguised as remote "credits" code. The remote location, built from the parts in the code, delivers highly obfuscated...

5.9 AI score
Exploits: 0, References: 2
Circl
added 2026/04/08 8:16 p.m., 3 views

CVE-2026-1830

creationtimestamp | type | source
---|---|---
2026-04-08 20:16:03+00:00 | seen | https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-1830
2026-04-09 04:30:30+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mizxwyinu42y
2026-04-09 04:30:30+00:00 | seen | ...

9.8 CVSS, 5.3 AI score, 0.02288 EPSS
Exploits: 3, References: 7
EUVD
added 2026/04/08 7:21 p.m., 2 views

EUVD-2026-20636

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server...

7.5 CVSS, 5.9 AI score, 0.00425 EPSS
Exploits: 0, References: 2
OSV
added 2026/04/08 7:21 p.m., 2 views

GHSA-F292-66H9-FPMF PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server

The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...

7.5 CVSS, 5.8 AI score, 0.00425 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2026/04/08 7:21 p.m., 5 views

PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server

The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...

7.5 CVSS, 6 AI score, 0.00425 EPSS
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2026/04/08 4:31 p.m., 2 views

MAL-2026-2516 Malicious code in sentinel-tool (PyPI)

Source: kam193 5a2ff07802c4546c40d47d3780971506115297a1e8c177be36ad1e003dd62937
The package installs a remote executable that uses a hardcoded Telegram channel for monitoring the user's activity, including regularly taking screenshots, and...

5.8 AI score
Exploits: 0, References: 2
The Hacker News
added 2026/04/08 11:30 a.m., 5 views

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity

Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter...

6 AI score
Exploits: 0
EUVD
added 2026/04/08 6:31 a.m., 2 views

EUVD-2026-20044

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3 CVSS, 5.8 AI score, 0.00545 EPSS
Exploits: 0, References: 7
NVD
added 2026/04/08 5:16 a.m., 5 views

CVE-2026-4299

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3 CVSS, 0.00545 EPSS
Exploits: 0, References: 6
Vulnrichment
added 2026/04/08 3:36 a.m., 2 views

CVE-2026-4299 MainWP Child Reports <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via Heartbeat API

The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 2.2.6. This is due to a missing capability check in the heartbeatreceived function in the LiveUpdate class. This makes it possible for authenticated attackers, with...

5.3 CVSS, 5.7 AI score, 0.00545 EPSS
Exploits: 0, References: 6
CVE
added 2026/04/08 3:36 a.m., 6 views

CVE-2026-4299

CVE-2026-4299 concerns the WordPress plugin MainWP Child Reports (

5.3 CVSS, 5.8 AI score, 0.00545 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/04/08 12:00 a.m., 2 views

PT-2026-31456

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The create a2u routes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...

7.5 CVSS, 5.9 AI score, 0.00425 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/04/08 12:00 a.m., 4 views

WordPress plugin MainWP Child Reports Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3 CVSS, 5.8 AI score, 0.00545 EPSS
Exploits: 0, References: 7
RedhatCVE
added 2026/04/07 11:01 p.m., 4 views

CVE-2026-35185

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens usertoken, user activity, client IP addresses, and server configuration details. This allows a...

8.7 CVSS, 5.9 AI score, 0.00355 EPSS
Exploits: 1, References: 1
Circl
added 2026/04/06 11:22 p.m., 9 views

CVE-2026-35444

creationtimestamp | type | source
---|---|---
2026-04-06 23:22:19+00:00 | seen | Telegram/F-tbnQCu7KGoJ0u4OEM4TknejxA1jNnRqA-1uSHs9aPRtPw
2026-04-16 10:07:15+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mjm5zedicc2d...

7.1 CVSS, 4.8 AI score, 0.00262 EPSS
Exploits: 0, References: 1