Lucene search
K

2453 matches found

CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.5.113 contained security vulnerabilities. These vulnerabilities were caused by a path traversal vulnerability in the Action Orchestrator function, which could allow attackers ...

10CVSS5.8AI score0.00312EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/06 11:9 p.m.4 views

Directory Traversal

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

10CVSS6.3AI score0.00312EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/06 11:9 p.m.5 views

PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator

The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the target path, malicious actions can overwrite sensitive...

10CVSS6.2AI score0.00312EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/06 11:9 p.m.20 views

GHSA-JFXC-V5G9-38XR PraisonAI Vulnerable to Arbitrary File Write / Path Traversal in Action Orchestrator

The Action Orchestrator feature contains a Path Traversal vulnerability that allows an attacker or compromised agent to write to arbitrary files outside of the configured workspace directory. By supplying relative path segments ../ in the target path, malicious actions can overwrite sensitive...

9CVSS6.2AI score0.00312EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.10 views

PT-2026-30764

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.5.113 Description PraisonAI, a multi-agent teams system, contains a Path Traversal vulnerability in the Action Orchestrator feature. An attacker, or a compromised agent, can write to arbitrary files outside of the...

10CVSS6.2AI score0.00312EPSS
Exploits1References14
Vulnrichment
Vulnrichment
added 2026/04/02 5:26 p.m.2 views

CVE-2026-34590 Postiz: SSRF via Webhook Creation Endpoint Missing URL Safety Validation

Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhooks uses WebhooksDto which validates the url field with only @IsUrl format check, missing the @IsSafeWebhookUrl validator that blocks internal/private network addresses. The updat...

5.4CVSS5.8AI score0.00226EPSS
Exploits1References3
HPE Security Bulletins
HPE Security Bulletins
added 2026/03/31 12:0 a.m.3 views

HPESBNW05033 rev.1 - HPE Telco Network Function Virtual Orchestrator, Improper Input Validation in the Undertow HTTP Server Core

Potential Security Impact: Local: Input Validation; Remote: Unauthorized Access, Input Validation SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE Telco Network Function Virtualization Orchestrator HPE Telco Network Function Virtualization Orchestrator v7.5.0 or below. CVSS...

9.6CVSS7AI score0.01179EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.9 views

CVE-2021-27940

resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter...

6.1CVSS5.8AI score0.01245EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.4 views

CVE-2025-13213

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.5 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

7.5CVSS5.8AI score0.00334EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 10:21 p.m.9 views

MAL-2026-2146 Malicious code in databricks-clean-room-orchestrator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
EUVD
EUVD
added 2026/03/10 9:32 p.m.6 views

EUVD-2025-208530

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 9:32 p.m.6 views

EUVD-2025-208531

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 9:32 p.m.5 views

EUVD-2025-208511

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 9:32 p.m.8 views

EUVD-2025-208510

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

5.9CVSS5.8AI score0.00334EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 9:16 p.m.7 views

CVE-2025-13213

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS0.00165EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 9:16 p.m.4 views

CVE-2025-13213

IBM Aspera Orchestrator 3.0.0 through 4.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacki...

5.4CVSS5.7AI score
Exploits0References1
NVD
NVD
added 2026/03/10 8:16 p.m.6 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

7.5CVSS0.00334EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 8:16 p.m.6 views

CVE-2025-13219

IBM Aspera Orchestrator 3.0.0 through 4.1.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history...

7.5CVSS5.8AI score0.00334EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 8:15 p.m.22 views

CVE-2025-13213

CVE-2025-13213 affects IBM Aspera Orchestrator versions 3.0.0–4.1.2. The root cause is improper validation of input in the HOST headers, enabling HTTP header injection that could lead to cross-site scripting, cache poisoning, or session hijacking. Remediation is available in IBM Aspera Orchestrat...

5.4CVSS5.7AI score0.00165EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder