Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41497

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

9.8CVSS6AI score0.00541EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/08 1:23 p.m.30 views

CVE-2026-41497 Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

9.8CVSS0.00541EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/08 1:23 p.m.10 views

EUVD-2026-28595

PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...

9.8CVSS6.3AI score0.00541EPSS
Exploits2References2
Patchstack
Patchstack
added 2026/01/19 12:4 p.m.4 views

WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Andrea Bocchetti in WordPress Plugin Simple Membership versions = 4.6.9...

4.3CVSS5.4AI score0.00185EPSS
Exploits0Affected Software1
NVD
NVD
added 2025/11/06 4:15 p.m.5 views

CVE-2025-53286

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from n/a through = 4.7.2...

7.1CVSS0.00216EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/29 11:47 a.m.5 views

WordPress WP ULike plugin <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes vulnerability

Authenticated Contributor+ SQL Injection via Shortcodes vulnerability discovered by Bassem Essam in WordPress Plugin WP ULike versions = 4.6.9...

8.8CVSS8.1AI score0.0056EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.6 views

PT-2024-20624 · Unknown · Smartypants Sp Project & Document Manager

Name of the Vulnerable Software and Affected Versions: Smartypants SP Project & Document Manager versions 4.69 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for...

8.8CVSS9AI score0.00544EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2021/06/01 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-24370

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution...

9.8CVSS7.6AI score0.47091EPSS
Exploits2References1
CNVD
CNVD
added 2015/01/15 12:0 a.m.7 views

McAfee ePolicy Orchestrator Information Disclosure Vulnerability (CNVD-2015-00419)

McAfee ePolicy Orchestrator is a set of scalable security management software from the U.S. company McAfee McAfee. An information disclosure vulnerability exists in McAfee ePolicy Orchestrator versions prior to 4.6.9, and 5.x versions prior to 5.1.2, which allows an attacker to obtain the...

5CVSS6.3AI score0.13346EPSS
Exploits3References1
Rows per page
Query Builder