Lucene search
K

672 matches found

EUVD
EUVD
added 2026/04/10 7:28 p.m.15 views

EUVD-2026-21158

PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhookurl in Jobs API...

7.2CVSS5.8AI score0.0028EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 10:54 p.m.6 views

CVE-2026-34954

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any...

8.6CVSS5.8AI score0.00405EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.14 views

Microsoft Bing 安全漏洞

Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Bing, which stems from a flaw in Microsoft’s cloud services. Attackers can exploit this vulnerability to gain higher privileges...

10CVSS5.8AI score0.00705EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 6:31 p.m.3 views

EUVD-2026-17121

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...

5.9AI score0.00467EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 4:16 p.m.7 views

CVE-2026-2286

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...

9.8CVSS0.00467EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 3:51 p.m.1 views

CVE-2026-2286 CVE-2026-2286

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...

5.9AI score0.00467EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 3:51 p.m.1 views

CVE-2026-2286

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...

5.9AI score0.00467EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.10 views

PT-2026-29050

Name of the Vulnerable Software and Affected Versions CrewAI affected versions not specified Description CrewAI contains a server-side request forgery condition that allows for the acquisition of content from internal and cloud services. This is facilitated by Retrieval-Augmented Generation RAG...

9.8CVSS5.9AI score0.00467EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/03/17 3:5 p.m.8 views

@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)

socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...

8.7CVSS5.8AI score0.00514EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.3 views

Microsoft Graph Cloud Intelligence Collector

The Microsoft Graph Cloud Intelligence Collector is a Metasploit Auxiliary module designed to interact with the Microsoft Graph API to gather information from Microsoft 365 and Microsoft Azure Active Directory environments. The module authenticates using the OAuth2 Client Credentials flow with a...

5.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/02/10 4:0 p.m.8 views

Azure IoT Explorer Information Disclosure Vulnerability

Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.4AI score0.00512EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.5 views

A Survey of Security Challenges and Solutions for Advanced Air Mobility and EVTOL Aircraft

This survey reviews the existing and envisioned security vulnerabilities and defense mechanisms relevant to Advanced Air Mobility AAM systems, with a focus on electric vertical takeoff and landing eVTOL aircraft. Drawing from vulnerabilities in the avionics in commercial aviation and the automate...

5.6AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/01/12 12:0 a.m.6 views

Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response

Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.5 views

SAMSUNG Cloud Assistant 安全漏洞

SAMSUNG Cloud Assistant is a component of Samsung South Korea that manages and coordinates data synchronization between devices and Samsung Cloud Services. A security vulnerability exists in SAMSUNG Cloud Assistant versions prior to 8.0.03.8, which stems from improperly set default permissions, a...

4CVSS6.3AI score0.00105EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/11/22 3:19 p.m.13 views

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

The China-linked advanced persistent threat APT group known as APT31 has been attributed to cyber attacks targeting the Russian information technology IT sector between 2024 and 2025 while staying undetected for extended periods of time. "In the period from 2024 to 2025, the Russian IT sector,...

6.4AI score
Exploits0
hivepro
hivepro
added 2025/10/28 5:33 p.m.5 views

A Practical Guide to Attack Surface Intelligence Mapping

Think of your organization’s digital presence as a sprawling, ever-expanding city. New buildings servers go up, old ones are forgotten, and unofficial shortcuts shadow IT appear overnight. Trying to defend this city without a current map is impossible. You’re left reacting to alarms instead of...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-5922

Malware in sbrugna...

5.9CVSS6AI score0.00834EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-7297

Malware in sbrugna...

9.8CVSS7.7AI score0.03687EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-7278

Malware in sbrugna...

6.1CVSS6.3AI score0.00918EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-12772

Malware in sbrugna...

5.8CVSS5.1AI score0.00421EPSS
Exploits0References2
Rows per page
Query Builder