SUSE CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

SUSE CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

Exploit for CVE-2026-8732

CVE-2026-8732 — WP Maps Pro ≤ 6.1.0 ♡ Unauthenticated Privil...

Malicious npm packages abuse dependency confusion to profile developer environments

In this article 1. Attack chain overview 2. Threat actor attribution 3. Mitigation and protection guidance 4. Indicators of Compromise IOC 5. References 6. Learn more Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under...

PT-2026-45076

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

PT-2026-45074

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and m...

PT-2026-45075

Name of the Vulnerable Software and Affected Versions sambitraj STUDENT-MANAGEMENT-SYSTEM version 1.0 Description A remote SQL injection exists within the Login Page component. This occurs when the email argument is manipulated, allowing an attacker to interfere with the database queries...

PT-2026-45093

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs sbi xact add in the library /lib/core/ogs-timer.c of the component ue-authentications Endpoint. Performing a manipulation results in denial of service. The attack may be initiated remotely. The...

PT-2026-45094

A weakness has been identified in Open5GS up to 2.7.7. This issue affects the function ogs pool id calloc in the library /lib/sbi/nghttp2-server.c. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been made available to the public and...

PT-2026-45091

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function handle scp info in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. This manipulation causes out-of-bounds write. The attack can be initiated remotely. The exploit has been...

PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring authtoken. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...

GHSA-VG22-4GMJ-PRXW PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring authtoken. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

GHSA-4MR5-G6F9-CFRH PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

Summary PraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spidertools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

GHSA-5C6W-WWFQ-7QQM PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings

Summary PraisonAI's spidertools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spidertools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

GHSA-78R8-WWQV-R299 PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-44334

Arbitrary code execution via ungated spec.loader.execmodule in agentsgenerator.py v4.6.32 chokepoint refactor bypass Summary The v4.6.32 chokepoint refactor which patched CVE-2026-44334 / GHSA-xcmw-grxf-wjhj added the PRAISONAIALLOWLOCALTOOLS env-var gate to the tooloverride.py sinks. However, tw...

Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024

Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'itemdelete': in modules/inventory.php. The same fix was not applied to the sibling case 'fielddelete': handler, which destroys an...

GHSA-XW54-C3MX-9PM3 Admidio: Any logged-in user can delete inventory fields via `mode=field_delete` — incomplete fix of #2024

Summary Commit d37ca6b27b9674238e58491cf7ba292e66898f15 "Delete item not check admin rights 2024", 2026-04-12 added a missing isAdministratorInventory gate to case 'itemdelete': in modules/inventory.php. The same fix was not applied to the sibling case 'fielddelete': handler, which destroys an...