446903 matches found
CVE-2026-40455
An SQL Injection vulnerability exists in LMS LAN Management System before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg" parameter. The application directly concatenates user-supplied array values into an SQL query using "implode", allowing...
GHSA-P75F-6FP4-P57W PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
Unauthenticated PraisonAI UI MCP connect endpoint executes attacker-chosen local commands Summary PraisonAI v4.6.48 exposes the PraisonAIUI MCP client management API through the default UI host apps without authentication. A remote unauthenticated client can send POST /api/mcp/connect with a...
GHSA-FQ2M-6WQH-X44G PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
praisonai: Jobs API exposes agent-execution endpoints with no authentication Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Target: https://github.com/MervinPraison/PraisonAI --- Package: praisonai on PyPI Affected version empirically tested: 4.6.48...
GHSA-2RCG-MM5H-XCHX PraisonAI: Arbitrary File Read via `@file:` Mention Path Traversal
Summary The MentionsParser in src/praisonai-agents/praisonaiagents/tools/mentions.py processes @file: mentions in agent prompts by reading arbitrary files from the filesystem. When a file path is not found relative to the workspace, the parser falls back to using the path as an absolute path...
GHSA-J4HJ-7HFH-G2F4 praisonai: recipe serve auth middleware silently disables itself when no secret is set
praisonai: recipe serve authentication middleware silently disables itself when no secret is set Researcher: Kai Aizen — SnailSploit @SnailSploit, Adversarial & Offensive Security Research Target: https://github.com/MervinPraison/PraisonAI --- Package: praisonai on PyPI Version tested: 4.6.48...
GHSA-J7QX-P75M-WP7G PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storage
PraisonAI dynamic-context artifact tools read arbitrary host files outside artifact storage Summary PraisonAI's Dynamic Context Discovery feature exposes artifact helper tools through ctx.gettools: python ctx = setupdynamiccontext agent = Agent instructions="You are a data analyst.",...
GHSA-G5H5-M4HM-XJRR ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider
Summary An authentication bypass vulnerability was discovered in ZITADEL's external JWT Identity Provider (IdP) implementation. When validating JSON Web Tokens (JWTs) from an external provider, ZITADEL properly checks the token's cryptographic signature and issuer (iss), but it fails to validate the...
GHSA-WXG7-W2V3-W38G ZITADEL: Missing Token Lifecycle Validation (`exp` and `iat`) in JWT IdP Provider
Summary Two closely related token lifecycle validation vulnerabilities were discovered in ZITADEL's external JWT Identity Provider (IdP) implementation. Specifically, within the validation pipeline: Missing Expiration (exp) Enforcement: If an incoming JWT omits the exp claim entirely, the expiration...
GHSA-XQXV-4JC2-X56X ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)
Summary Zitadel's OAuth2 / OIDC CodeExchange and RefreshToken implementations omit a critical validation step to ensure that the requesting client matches the client that originally initiated the authorization flow. This violates RFC 6749 Section 4.1.3, which mandates that the authorization serve...
CVE-2026-42488 x86: mismatched mapcache metadata
Some shadow paging error paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata, which can lead to corruption of the mapcache...
CVE-2026-42488
CVE-2026-42488 concerns the Xen hypervisor. Some shadow paging error paths can switch page-tables without updating the running vCPU reference, causing a mismatch between loaded page-tables and mapcache metadata and potentially leading to mapcache corruption. Affected products/versions are implied...