119 matches found
ManageEngine ADSelfService Plus < Build 6525 Authenticated RCE
According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6525. It is, therefore, affected by an authenticated remote code execution vulnerability. This vulnerability stems from improper access controls to the service used...
CVE-2026-8364
Gladinet Triofox Cloud Server Agent Access Service GladServerAgentService.exe listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache...
CVE-2026-39890
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...
CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...
CVE-2026-39890
Prais onAI’s AgentService.loadAgentFromFile parses YAML with js-yaml without disabling dangerous tags (e.g., !!js/function, !!js/undefined), enabling attacker to upload a malicious agent definition and achieve remote code execution on the server. Affected software: PraisonAI (before 4.5.115). Roo...
CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...
PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...
CVE-2026-28264
Dell PowerProtect Agent Service (versions prior to 20.1) is affected by an Incorrect Permission Assignment for Critical Resource vulnerability. A low-privileged attacker with local access could trigger information exposure. Affected component: Dell PowerProtect Agent Service. Root cause: incorrec...
CVE-2026-28264
Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...
CVE-2026-28264
Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...
EUVD-2026-20449
Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...
CVE-2026-28264
Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...
Dell PowerProtect Agent Service 安全漏洞
Dell PowerProtect Agent Service is a data protection agent service provided by the American company Dell. Versions of the Dell PowerProtect Agent Service prior to 20.1 contained security vulnerabilities. These vulnerabilities were due to improper allocation of permissions for critical resources,...
Improper Access Control
github.com/tencent/weknora is vulnerable to Improper access control. The vulnerability is due to insufficient backend validation on the database query tool after enabling the Agent service, which allows an attacker to use prompt-based bypass techniques to evade query restrictions and extract...
SUSE CVE-2026-22687
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt-based bypass...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via insufficient backend validation in the Agent service's database query tool. An attacker can access sensitive information from the server and database by using prompt-based bypass techniques to evade query restrictions...
CVE-2026-22687 WeKnora vulnerable to SQL Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...
CVE-2026-22687 WeKnora vulnerable to SQL Injection
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...
CVE-2024-39708
An issue was discovered in the Agent in Delinea Privilege Manager formerly Thycotic Privilege Manager before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory used by .NET Shadow Copies such that privilege escalation can occur if the co...
PT-2026-2241
Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.2.5 Description WeKnora is a framework designed for document understanding and semantic retrieval. Prior to version 0.2.5, when the Agent service is enabled, insufficient backend validation allows attackers to bypas...