Lucene search
K

71 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without...

9.8CVSS6.2AI score0.34734EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34253

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.4 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

7.5CVSS5.8AI score0.00334EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/10 7:23 p.m.6 views

EUVD-2026-21160

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS...

6.2CVSS5.8AI score0.00334EPSS
Exploits1References3
OSV
OSV
added 2026/04/10 7:23 p.m.4 views

GHSA-2XGV-5CV2-47VV PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS

Summary The WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token configured, any local process can send arbitrarily large...

6.2CVSS5.8AI score0.00334EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/10 7:23 p.m.10 views

PraisonAI has Unrestricted Upload Size in WSGI Recipe Registry Server that Enables Memory Exhaustion DoS

Summary The WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token configured, any local process can send arbitrarily large...

7.5CVSS5.8AI score0.00334EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.6 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

7.5CVSS0.00334EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:19 p.m.3 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2CVSS6AI score0.00334EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:19 p.m.3 views

CVE-2026-40115 PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2CVSS5.8AI score0.00334EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/09 9:19 p.m.22 views

CVE-2026-40115 PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2CVSS0.00334EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.10 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the WSGI server not setting an upper limit when reading HTTP request bodies and disabling...

7.5CVSS5.8AI score0.00334EPSS
Exploits1References2
OSV
OSV
added 2026/03/30 5:0 p.m.17 views

GHSA-7P93-6934-F4Q7 Glances Vulnerable to Cross-Origin System Information Disclosure via XML-RPC Server CORS Wildcard

Summary The Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an attacker-controlled webpage can issue a CORS "simple request" POST with Content-Typ...

7.1CVSS6AI score0.00409EPSS
Exploits1References5
OSV
OSV
added 2026/03/25 9:8 p.m.4 views

CVE-2026-30975 Sonarr Authentication Bypass vulnerability

Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses Authentication Required set to: Disabled for Local Addresses without a reverse proxy running in front of Sonarr tha...

8.1CVSS5.9AI score0.00466EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/12 8:6 p.m.3 views

CVE-2026-3611 Honeywell IQ4x BMS Controller Missing authentication for critical function

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

10CVSS5.9AI score0.05585EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/12 4:36 p.m.6 views

ZeptoClaw: Generic webhook channel trusts caller-supplied identity fields; allowlist is checked against untrusted payload data

Summary The generic webhook channel trusts caller-supplied identity fields sender, chatid from the request body and applies authorization checks to those untrusted values. Because authentication is optional and defaults to disabled authtoken: None, an attacker who can reach POST /webhook can spoo...

8.2CVSS6AI score0.00184EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.9 views

ZeptoClaw 数据伪造问题漏洞

ZeptoClaw is a lightweight personal AI assistant developed by qhkm’s individual developer. Versions of ZeptoClaw prior to 0.7.6 had a data manipulation vulnerability. This vulnerability stems from the use of identity fields provided by trusted callers, with authentication being disabled by defaul...

8.2CVSS5.7AI score0.00184EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/11 3:31 p.m.4 views

EUVD-2026-11172

In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled...

6.8CVSS5.8AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.6 views

CVE-2026-25715

The web management interface of the device allows the administrator username and password to be set to blank values. Once applied, the device permits authentication with empty credentials over the web management interface and Telnet service. This effectively disables authentication across all...

9.8CVSS5.6AI score0.0057EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/19 10:4 p.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the POST /api/v2/dag-runs endpoint, which accepts and executes inline YAML specifications without authentication in the default configuration. An attacker can execute arbitrary commands o...

9.8CVSS6.2AI score
Exploits0References3
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2025-13864

The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permissioncallback = 'returntrue' and authentication...

5.3CVSS0.00353EPSS
Exploits0References5
Rows per page
Query Builder