Lucene search
K

120932 matches found

Vulnrichment
Vulnrichment
added 2026/04/14 3:0 a.m.5 views

CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

9.8CVSS6.4AI score0.00609EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 2:55 a.m.2 views

CVE-2026-40287

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...

8.4CVSS6.4AI score0.00246EPSS
Exploits1References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/14 2:55 a.m.4 views

CVE-2026-40287 PraisonAI has RCE via Automatic tools.py Import

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...

8.4CVSS6.4AI score0.00246EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/14 2:55 a.m.6 views

EUVD-2026-22207

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...

8.4CVSS6.4AI score0.00246EPSS
Exploits1References1
NVD
NVD
added 2026/04/14 1:16 a.m.8 views

CVE-2026-39424

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

5.3CVSS0.00368EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:56 a.m.6 views

CVE-2026-39424

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

8.8CVSS5.8AI score0.00532EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 12:56 a.m.6 views

CVE-2026-39424 MaxKB has CSV Injection in its Application Chat Export Functionality

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

5.3CVSS5.8AI score0.00368EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 12:17 a.m.3 views

CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LDPRELOAD-based...

6.3CVSS6.5AI score0.00264EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/14 12:17 a.m.29 views

CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LDPRELOAD-based...

6.3CVSS0.00264EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/14 12:7 a.m.9 views

CVE-2026-6067

A flaw was found in Netwide Assembler NASM. This heap buffer overflow vulnerability, stemming from insufficient bounds checking, allows a user to execute arbitrary code by assembling a specially crafted malicious assembly .asm file. Successful exploitation can lead to unauthorized command...

7.5CVSS6.3AI score0.00357EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/14 12:7 a.m.6 views

CVE-2026-6069

A flaw was found in NASM. The disasm function contains a stack-based buffer overflow, a memory corruption vulnerability. A remote attacker can exploit this by providing specially crafted input, leading to an out-of-bounds write when the slen value exceeds the buffer capacity during disassembly...

9.4CVSS6.3AI score0.00443EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32639

CVE-2026-37598 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=update settings. https://t.co/fzop5JczL7...

2.7CVSS6.4AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32704

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions prior to 26.001.21412 Description An Improperly Controlled Modification of Object Prototype Attributes, also known as Prototype Pollution, allows for arbitrary code execution in the context of the current user. This...

8.6CVSS6.4AI score0.00419EPSS
Exploits1References13
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

Adobe InCopy 缓冲区错误漏洞

Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system...

7.8CVSS6.2AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32894

Name of the Vulnerable Software and Affected Versions Terrarium affected versions not specified Description A sandbox escape allows arbitrary code execution with root privileges on a host process. This is achieved through JavaScript prototype chain traversal, which enables a full container escape...

9.3CVSS6.6AI score0.00209EPSS
Exploits0References21
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

Adobe Framemaker 代码问题漏洞

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An untrusted search path vulnerability exists in Adobe Framemaker, which could be exploited by an attacker to caus...

8.6CVSS6AI score0.00173EPSS
Exploits0References1
Redos
Redos
added 2026/04/14 12:0 a.m.4 views

ROS-20260414-73-0059

Vulnerability in kernel-lt related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

5.5CVSS6.2AI score0.00134EPSS
Exploits0
Redos
Redos
added 2026/04/14 12:0 a.m.6 views

ROS-20260414-73-0019

Vulnerability in kernel-lt related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

5.5CVSS6.2AI score0.00147EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.3 views

CVE-2026-37598

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...

6.3AI score0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.25 views

CVE-2026-37598

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...

0.00239EPSS
Exploits0References1
Rows per page
Query Builder