672 matches found
EUVD-2026-21158
PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhookurl in Jobs API...
CVE-2026-34954
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any...
Microsoft Bing 安全漏洞
Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft Bing, which stems from a flaw in Microsoft’s cloud services. Attackers can exploit this vulnerability to gain higher privileges...
EUVD-2026-17121
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...
CVE-2026-2286
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...
CVE-2026-2286 CVE-2026-2286
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...
CVE-2026-2286
CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...
PT-2026-29050
Name of the Vulnerable Software and Affected Versions CrewAI affected versions not specified Description CrewAI contains a server-side request forgery condition that allows for the acquisition of content from internal and cloud services. This is facilitated by Retrieval-Augmented Generation RAG...
@ckeditor/ckeditor-cloud-services-collaboration (>=23.0.0 <=29.0.0), @ckeditor/ckeditor5-real-time-collaboration (>=29.1.0 <=33.0.0) +2 more potentially affected by CVE-2026-33151 via socket.io-parser (=3.4.1)
socket.io-parser NPM version =3.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-parser and may be impacted: - @ckeditor/ckeditor-cloud-services-collaboration =23.0.0, =29.1.0, =29.0.0, =1.5.3, =2.1.0 Source cves: CVE-2026-33151 Source...
Microsoft Graph Cloud Intelligence Collector
The Microsoft Graph Cloud Intelligence Collector is a Metasploit Auxiliary module designed to interact with the Microsoft Graph API to gather information from Microsoft 365 and Microsoft Azure Active Directory environments. The module authenticates using the OAuth2 Client Credentials flow with a...
Azure IoT Explorer Information Disclosure Vulnerability
Binding to an unrestricted ip address in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network...
A Survey of Security Challenges and Solutions for Advanced Air Mobility and EVTOL Aircraft
This survey reviews the existing and envisioned security vulnerabilities and defense mechanisms relevant to Advanced Air Mobility AAM systems, with a focus on electric vertical takeoff and landing eVTOL aircraft. Drawing from vulnerabilities in the avionics in commercial aviation and the automate...
Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response
Threat actors exploited Cloudflare's free-tier infrastructure and legitimate Python environments to deploy the AsyncRAT remote access trojan, demonstrating advanced evasion techniques that abuse trusted cloud services for malicious operations...
SAMSUNG Cloud Assistant 安全漏洞
SAMSUNG Cloud Assistant is a component of Samsung South Korea that manages and coordinates data synchronization between devices and Samsung Cloud Services. A security vulnerability exists in SAMSUNG Cloud Assistant versions prior to 8.0.03.8, which stems from improperly set default permissions, a...
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
The China-linked advanced persistent threat APT group known as APT31 has been attributed to cyber attacks targeting the Russian information technology IT sector between 2024 and 2025 while staying undetected for extended periods of time. "In the period from 2024 to 2025, the Russian IT sector,...
A Practical Guide to Attack Surface Intelligence Mapping
Think of your organization’s digital presence as a sprawling, ever-expanding city. New buildings servers go up, old ones are forgotten, and unofficial shortcuts shadow IT appear overnight. Trying to defend this city without a current map is impossible. You’re left reacting to alarms instead of...
EUVD-2017-5922
Malware in sbrugna...
EUVD-2016-7297
Malware in sbrugna...
EUVD-2018-7278
Malware in sbrugna...
EUVD-2020-12772
Malware in sbrugna...