9 matches found
CVE-2026-41497
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...
CVE-2026-41497 Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...
EUVD-2026-28595
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parsemcpcommand, allowing arbitrary executables like bash, python, or /bin/sh with inline code execution flags to pass through t...
WordPress Simple Membership plugin <= 4.6.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Andrea Bocchetti in WordPress Plugin Simple Membership versions = 4.6.9...
CVE-2025-53286
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jhainey Milevis Dropify wc-dropi-integration allows Reflected XSS.This issue affects Dropify: from n/a through = 4.7.2...
WordPress WP ULike plugin <= 4.6.9 - Authenticated (Contributor+) SQL Injection via Shortcodes vulnerability
Authenticated Contributor+ SQL Injection via Shortcodes vulnerability discovered by Bassem Essam in WordPress Plugin WP ULike versions = 4.6.9...
PT-2024-20624 · Unknown · Smartypants Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: Smartypants SP Project & Document Manager versions 4.69 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This allows for...
VulnCheck KEV: CVE-2021-24370
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution...
McAfee ePolicy Orchestrator Information Disclosure Vulnerability (CNVD-2015-00419)
McAfee ePolicy Orchestrator is a set of scalable security management software from the U.S. company McAfee McAfee. An information disclosure vulnerability exists in McAfee ePolicy Orchestrator versions prior to 4.6.9, and 5.x versions prior to 5.1.2, which allows an attacker to obtain the...