Lucene search
K

127 matches found

NVD
NVD
added 4 days ago8 views

CVE-2026-21041

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS0.00105EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42812

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS5.9AI score0.00105EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-21041

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-462 PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading

Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...

9.8CVSS6.8AI score0.0058EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2026/06/12 1:59 p.m.9 views

Security update for qemu

This update for qemu fixes the following issues: Security fixes: CVE-2026-2243: incorrect bounds check leads to heap out-of-bounds read and a 12-byte information leak when processing specially crafted VMDK files bsc1258509. CVE-2026-3842: hyperv/syndbg: missing mapped-length guard after...

5.1CVSS7AI score0.00114EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2026/06/05 4:28 p.m.15 views

praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...

5.5AI score0.00043EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.16 views

PT-2026-47087

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/agents/agent id gate access on require workspace memberworkspace id only, then resolve agent id through AgentService.getagent id which is a primary-key lookup with no workspace...

8.3CVSS5.5AI score0.00043EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/31 12:0 a.m.41 views

ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...

8.4CVSS6.5AI score0.01702EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 8:16 p.m.21 views

CVE-2026-8364

Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...

9.8CVSS0.00305EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:17 p.m.4 views

CVE-2026-39890

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...

9.8CVSS0.0058EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:45 p.m.22 views

CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...

9.8CVSS0.0058EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:45 p.m.3 views

CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...

9.8CVSS6.6AI score0.0058EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:45 p.m.17 views

CVE-2026-39890

Prais onAI’s AgentService.loadAgentFromFile parses YAML with js-yaml without disabling dangerous tags (e.g., !!js/function, !!js/undefined), enabling attacker to upload a malicious agent definition and achieve remote code execution on the server. Affected software: PraisonAI (before 4.5.115). Roo...

9.8CVSS6.6AI score0.0058EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/08 7:17 p.m.5 views

PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading

Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...

9.8CVSS6.7AI score0.0058EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/08 11:24 a.m.9 views

EUVD-2026-20449

Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

3.3CVSS5.9AI score0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 11:24 a.m.6 views

CVE-2026-28264

Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

3.3CVSS5.9AI score0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 11:24 a.m.3 views

CVE-2026-28264

Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

3.3CVSS5.9AI score0.0013EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 11:24 a.m.23 views

CVE-2026-28264

Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

3.3CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 11:24 a.m.24 views

CVE-2026-28264

Dell PowerProtect Agent Service (versions prior to 20.1) is affected by an Incorrect Permission Assignment for Critical Resource vulnerability. A low-privileged attacker with local access could trigger information exposure. Affected component: Dell PowerProtect Agent Service. Root cause: incorrec...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

Dell PowerProtect Agent Service 安全漏洞

Dell PowerProtect Agent Service is a data protection agent service provided by the American company Dell. Versions of the Dell PowerProtect Agent Service prior to 20.1 contained security vulnerabilities. These vulnerabilities were due to improper allocation of permissions for critical resources,...

3.3CVSS5.8AI score0.0013EPSS
Exploits0References1
Rows per page
Query Builder