Lucene search
K

8 matches found

CVE
CVE
added 2026/07/03 8:54 p.m.33 views

CVE-2026-58424

Technical details about CVE-2026-58424 are not publicly available in the provided documents. No product, vector, or impact specifics are included. Monitor for updates in official advisories.

8.9CVSS5.9AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55657

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw exists that allows for a permanent fork pull request workflow approval gate bypass. This issue enables an attacker to circumvent the required approval...

8.9CVSS6AI score0.00201EPSS
Exploits0References13
OSV
OSV
added 2026/06/19 3:12 p.m.13 views

GHSA-JV2H-4P9V-WF5W ouroboros-ai: Incomplete fix of CVE-2026-47211: untrusted project .env can still reach RCE via omitted execution-routing keys

Impact The CVE-2026-47211 fix 0.39.0 added UNTRUSTEDENVDENYLIST to stop an untrusted project-directory .env from redirecting execution. The denylist was incomplete — several execution-routing keys of the same RCE class were omitted, so a malicious cloned repo can still reach arbitrary command...

8.6CVSS6.1AI score
Exploits0References2
OSV
OSV
added 2026/04/10 7:23 p.m.3 views

GHSA-GRRG-5CG9-58PF PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate

Summary readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript which requires critical-level approval, readskillfile has...

6.2CVSS5.9AI score0.00234EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/10 7:23 p.m.4 views

PraisonAIAgents: Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate

Summary readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript which requires critical-level approval, readskillfile has...

7.5CVSS5.9AI score0.00234EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:21 p.m.1 views

CVE-2026-40117 PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...

6.2CVSS5.9AI score0.00234EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/09 9:21 p.m.20 views

CVE-2026-40117 PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...

6.2CVSS0.00234EPSS
Exploits1References1
CVE
CVE
added 2026/04/09 9:21 p.m.9 views

CVE-2026-40117

CVE-2026-40117 concerns PraisonAIAgents, a multi-agent system. Before version 1.5.128, read_skill_file() in skill_tools.py allowed reading arbitrary filesystem files by accepting an unrestricted skill_path, lacking both workspace confinement and an approval gate. This enables potential data exfil...

7.5CVSS6AI score0.00234EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder