Lucene search
K

4 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42661

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
CVE
CVE
added 5 days ago41 views

CVE-2026-59726

Affected software: Ruflo, an agent meta-harness for Claude Code and Codex. Vulnerability: unauthenticated access to the MCP bridge endpoints POST /mcp and POST /mcp/:group in the default docker-compose deployment prior to version 3.16.3. Root cause / impact: unauthenticated network attacker could...

10CVSS6AI score0.00442EPSS
Exploits0References4
CVE
CVE
added 2026/05/13 5:40 p.m.29 views

CVE-2026-44005

The CVE-2026-44005 entry concerns vm2, a Node.js sandbox library. From versions 3.9.6 through 3.10.5, vm2’s bridge exposes mutable host-intrinsic prototypes and forwards sandbox writes into host objects, enabling attacker-controlled code inside a sandbox (default VM or inherited NodeVM) to mutate...

10CVSS6AI score0.00842EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/10 7:32 p.m.6 views

PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

Summary praisonai browser start exposes the browser bridge on 0.0.0.0 by default, and its /ws endpoint accepts websocket clients that omit the Origin header entirely. An unauthenticated network client can connect as a fake controller, send startsession, cause the server to forward startautomation...

9.1CVSS6AI score0.00356EPSS
Exploits1References4Affected Software2
Rows per page
Query Builder