Lucene search

8 matches found

ATTACKERKB
added 2026/04/09 9:16 p.m., 2 views

CVE-2026-40112

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...

CVSS 5.4 | AI score 6 | EPSS 0.00038
Exploits 1 | References 2 | Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-26897

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.00165
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-6716

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.00423
Exploits 0 | References 6
CNNVD
added 2024/05/13 12:0 a.m., 1 views

Cybozu Garoon security vulnerability

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An information disclosure vulnerability exists in Cybozu Garoon, which originates from improperly restricting the...

CVSS 4.3 | AI score 6.1 | EPSS 0.00494
Exploits 0 | References 5
Japan Vulnerability Notes
added 2024/05/13 12:0 a.m., 33 views

JVN#28869536: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail CWE-231 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API CWE-201...

CVSS 9 | AI score 5.5 | EPSS 0.0181
Exploits 0
Citrix
added 2024/03/07 12:0 a.m., 3 views

Get License, Hardware and Platform details from API call

Get the output of Hardware, platform and License via API...

AI score 7.2
Exploits 0
Github Security Blog
added 2022/09/16 10:6 p.m., 27 views

ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File

Impact: This GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. The data flow looks like this 👇🏻 mermaid...

CVSS 9.8 | AI score 9.3 | EPSS 0.00423
Exploits 0 | References 6 | Affected Software 1
Tenable Nessus
added 2016/07/14 12:0 a.m., 24 views

Fedora 22 : mediawiki (2015-122a831a05)

T94116 SECURITY: Compare API watchlist token in constant time - T97391 SECURITY: Escape error message strings in thumb.php - T106893 SECURITY: Don't leak autoblocked IP addresses on Special:DeletedContributions - T102562 Fix InstantCommons parameters to handle the new HTTPS-only policy of...

CVSS 5 | AI score 5.3 | EPSS 0.00451
Exploits 0 | References 2