CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

652 matches found

NVD•added 2026/05/08 2:16 p.m.•7 views

CVE-2026-41496

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase,...

8.1CVSS0.00347EPSS

Exploits1References1

CVE•added 2026/05/08 1:33 p.m.•10 views

CVE-2026-44337

PraisionAI across versions 2.4.1–4.6.34 exposes optional SQL/CQL-backed knowledge-store backends that derive table and index identifiers from unvalidated collection names. This can enable SQL/CQL injection when applications pass untrusted collection names into these backends. The issue is fixed i...

6.3CVSS5.8AI score0.00216EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/05/08 1:33 p.m.•30 views

CVE-2026-44337 PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries

PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names...

6.3CVSS0.00216EPSS

Exploits1References1

Cvelist•added 2026/05/08 1:19 p.m.•27 views

CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

8.1CVSS0.00347EPSS

Exploits1References1

CVE•added 2026/05/08 1:19 p.m.•8 views

CVE-2026-41496

CVE-2026-41496 affects PraisonAI’s multi‑agent system where 9 conversation backends (MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB) pass table_prefix directly into SQL, enabling unvalidated injection points (52 total). Root cause mirrors CVE-2026-40315 ...

8.1CVSS5.8AI score0.00347EPSS

Exploits1References1Affected Software2

Vulnrichment•added 2026/05/08 1:19 p.m.•6 views

CVE-2026-41496 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)

8.1CVSS5.8AI score0.00347EPSS

Exploits1References1

EUVD•added 2026/05/08 1:19 p.m.•9 views

EUVD-2026-28594

9.8CVSS5.8AI score0.00347EPSS

Exploits2References1

CNNVD•added 2026/05/08 12:0 a.m.•8 views

PraisonAI SQL注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 contained an SQL injection vulnerability. This vulnerability stemmed from multiple backends passing table prefixes directly into f-string SQL statements, which could lead ...

8.1CVSS5.8AI score0.00347EPSS

Exploits1References1

Hacker One•added 2026/05/06 9:23 p.m.•23 views

curl: CURLOPT_PROXY_CRLFILE / CURLOPT_PROXY_ISSUERCERT / CURLOPT_PROXY_ISSUERCERT_BLOB silently ignored on backends that don't support them

From the Mythos report 2026-05-06 F1. CURLOPTPROXYCRLFILE / CURLOPTPROXYISSUERCERT / CURLOPTPROXYISSUERCERTBLOB silently ignored on backends that don't support them — severity Low https://github.com/curl/curl/blob/455bebc2c7/lib/setopt.cL1786-L1797...

6.5CVSS6.5AI score0.01299EPSS

Exploits3

OSV•added 2026/05/05 8:39 a.m.•3 views

BIT-APACHE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apache HTTP Server: from through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

6.5CVSS5.8AI score0.00436EPSS

Exploits0References3

SUSE CVE•added 2026/05/05 1:45 a.m.•7 views

SUSE CVE-2026-33523

8.7CVSS5.8AI score0.00436EPSS

Exploits0References5

NVD•added 2026/05/04 3:16 p.m.•7 views

CVE-2026-33523

6.5CVSS0.00436EPSS

Exploits0References2

OSV•added 2026/05/04 3:16 p.m.•2 views

ALPINE-CVE-2026-33523

6.5CVSS5.8AI score0.00436EPSS

Exploits0References1

OSV•added 2026/05/04 3:16 p.m.•1 views

DEBIAN-CVE-2026-33523

6.5CVSS5.8AI score0.00436EPSS

Exploits0References1

ATTACKERKB•added 2026/05/04 2:40 p.m.•6 views

CVE-2026-33523

6.5CVSS5.8AI score0.00436EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/04 2:40 p.m.•76 views

CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

0.00436EPSS

Exploits0References1

Debian CVE•added 2026/05/04 2:40 p.m.•4 views

CVE-2026-33523

6.5CVSS5.8AI score0.00436EPSS

Exploits0

AlpineLinux•added 2026/05/04 2:40 p.m.•2 views

CVE-2026-33523

6.5CVSS5.8AI score0.00436EPSS

Exploits0

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in sane-backends

A NULL pointer dereferencing in the saneiepsonnetread function in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, known as GHSL-2020-075...

5.5CVSS6.3AI score0.00497EPSS

Exploits1References1

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in sane-backends

A out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, also known as GHSL-2020-081...

4.3CVSS6.1AI score0.01204EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by