
1617 matches found

NVD
added yesterday | 4 views

CVE-2026-54316

Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject ...

CVSS 6 | EPSS 0.00045
Exploits 0 | References 1

NVD
added yesterday | 6 views

CVE-2026-56694

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...

CVSS 5.4
Exploits 0 | References 3

EUVD
added yesterday | 5 views

EUVD-2026-38466

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...

CVSS 5.4 | AI score 5.9
Exploits 0 | References 3

CVE
added yesterday | 8 views

CVE-2026-56402

CVE-2026-56402 affects NanoClaw prior to 2.1.17. The issue is in handleApprovalsResponse where responder role authorization is not verified, allowing attackers with a valid questionId to approve or reject privileged actions (e.g., package installation) without proper role validation. The vulnerab...

CVSS 7.1 | AI score 5.9
Exploits 0 | References 3

Cvelist
added yesterday | 28 views

CVE-2026-56402 NanoClaw < 2.1.17 - Privilege Escalation via Unverified Approval Response Handler

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response...

CVSS 7.1
Exploits 0 | References 3

EUVD
added 2 days ago | 7 views

EUVD-2026-38233

A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

CVSS 8.8 | AI score 5.8 | EPSS 0.00069
Exploits 0 | References 2

CVE
added 2 days ago | 14 views

CVE-2025-66389

GitHub Copilot 1.372.0 is affected. The flaw allows filesystem access outside the workspace folder via a file-handler URI parameter to fetch_webpage, without user approval. This could enable exfiltration if an indirect prompt injection occurs. The CVSS 3.1 base score is 7.5 (HIGH) with network at...

CVSS 7.5 | AI score 5.9 | EPSS 0.0036
Exploits 0 | References 3

EUVD
added 5 days ago | 9 views

EUVD-2026-37959

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from the PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

CVSS 8.8 | AI score 6 | EPSS 0.00476
Exploits 0 | References 3

EUVD
added 5 days ago | 9 views

EUVD-2026-37958

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

CVSS 6.8 | AI score 5.3 | EPSS 0.00116
Exploits 0 | References 3

NVD
added 6 days ago | 11 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

CVSS 6.8 | EPSS 0.00116
Exploits 0 | References 2

NVD
added 6 days ago | 11 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from the PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

CVSS 8.8 | EPSS 0.00476
Exploits 0 | References 2

Cvelist
added 6 days ago | 19 views

CVE-2026-56075 PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from the PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

CVSS 8.8 | EPSS 0.00476
Exploits 0 | References 2

CVE
added 6 days ago | 20 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability in which UI modules hardcode approval_mode to auto, overriding the PRAISON_APPROVAL_MODE environment variable. This allows authenticated attackers to instruct the LLM agent to run arbitrary commands via subproces...

CVSS 8.8 | AI score 6 | EPSS 0.00476
Exploits 0 | References 2

CVE
added 6 days ago | 14 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name rather than invocation arguments, enabling bypass of approval prompts for subsequent execute_command calls. Attackers could obtain initial approval for a benign command and then exfiltrate API keys and credentials via later shel...

CVSS 6.8 | AI score 5.3 | EPSS 0.00116
Exploits 0 | References 2

Positive Technologies
added 6 days ago | 14 views

PT-2026-50805

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.5.128. Description: The software caches tool approval decisions based solely on the tool name rather than the invocation arguments. This allows subsequent calls to the execute command function to bypass approval...

CVSS 6.8 | AI score 6 | EPSS 0.00116
Exploits 0 | References 6

GitHub Security Blog
added 2026/06/17 1:55 p.m. | 9 views

Pi Agent: Pi loads project-local extensions without approval

Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory without first asking the user to trust that repository. This included project-local extensions, which are executable TypeScript or JavaScript...

CVSS 4.4 | AI score 5.6 | EPSS 0.00013
Exploits 0 | References 8 | Affected Software 1

NVD
added 2026/06/15 9:17 p.m. | 7 views

CVE-2026-48124

Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...

CVSS 8.5 | EPSS 0.00144
Exploits 0 | References 1

NVD
added 2026/06/15 8:16 a.m. | 10 views

CVE-2026-8385

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

CVSS 5.3 | EPSS 0.00192
Exploits 0 | References 1

EUVD
added 2026/06/15 6:0 a.m. | 8 views

EUVD-2026-36697

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables route, allowing unauthenticated visitors to retrieve marker records that the site owner has not approved for public display, including their title,...

CVSS 5.3 | AI score 5.3 | EPSS 0.00192
Exploits 0 | References 1

Positive Technologies
added 2026/06/15 12:0 a.m. | 8 views

PT-2026-49469

Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 3.0.0. Description: Cursor Desktop allows the execution of workspace-defined Claude hook commands located in .claude/settings.local.json without requiring explicit user approval. A malicious workspace or a file created b...

CVSS 8.5 | AI score 6.1 | EPSS 0.00144
Exploits 0 | References 3