120932 matches found
CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...
CVE-2026-40287
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
CVE-2026-40287 PraisonAI has RCE via Automatic tools.py Import
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
EUVD-2026-22207
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...
CVE-2026-39424
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
CVE-2026-39424
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
CVE-2026-39424 MaxKB has CSV Injection in its Application Chat Export Functionality
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...
CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LDPRELOAD-based...
CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LDPRELOAD-based...
CVE-2026-6067
A flaw was found in Netwide Assembler NASM. This heap buffer overflow vulnerability, stemming from insufficient bounds checking, allows a user to execute arbitrary code by assembling a specially crafted malicious assembly .asm file. Successful exploitation can lead to unauthorized command...
CVE-2026-6069
A flaw was found in NASM. The disasm function contains a stack-based buffer overflow, a memory corruption vulnerability. A remote attacker can exploit this by providing specially crafted input, leading to an out-of-bounds write when the slen value exceeds the buffer capacity during disassembly...
PT-2026-32639
CVE-2026-37598 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=update settings. https://t.co/fzop5JczL7...
PT-2026-32704
Name of the Vulnerable Software and Affected Versions Acrobat Reader versions prior to 26.001.21412 Description An Improperly Controlled Modification of Object Prototype Attributes, also known as Prototype Pollution, allows for arbitrary code execution in the context of the current user. This...
Adobe InCopy 缓冲区错误漏洞
Adobe InCopy is a text editing software for creative writing from the American company Audobee Adobe. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code on the system...
PT-2026-32894
Name of the Vulnerable Software and Affected Versions Terrarium affected versions not specified Description A sandbox escape allows arbitrary code execution with root privileges on a host process. This is achieved through JavaScript prototype chain traversal, which enables a full container escape...
Adobe Framemaker 代码问题漏洞
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. An untrusted search path vulnerability exists in Adobe Framemaker, which could be exploited by an attacker to caus...
ROS-20260414-73-0059
Vulnerability in kernel-lt related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20260414-73-0019
Vulnerability in kernel-lt related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
CVE-2026-37598
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...
CVE-2026-37598
SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution RCE via /scheduler/classes/SystemSettings.php?f=updatesettings...