42 matches found
CVE-2026-3820
There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...
OS Command Injection
dolibarr/dolibarr is vulnerable to OS Command Injection. The vulnerability is due to improper validation and escaping of the MAINODTASPDF configuration input before passing it to the exec function, which allows an attacker to execute arbitrary operating system commands...
CVE-2026-40315
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...
CVE-2026-40315 PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...
EUVD-2026-22215
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...
CVE-2026-40315
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...
GHSA-X783-XP3G-MQHP PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries
Summary The tableprefix configuration value is directly used to construct SQL table identifiers without validation. If an attacker controls this value, they can manipulate SQL query structure, leading to unauthorized data access e.g., reading internal SQLite tables such as sqlitemaster and...
PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries
Summary The tableprefix configuration value is directly used to construct SQL table identifiers without validation. If an attacker controls this value, they can manipulate SQL query structure, leading to unauthorized data access e.g., reading internal SQLite tables such as sqlitemaster and...
PT-2026-32596
Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.133 Description An SQL identifier injection exists in SQLiteConversationStore where the table prefix configuration value is directly concatenated into SQL queries using f-strings without validation or...
CVE-2026-34122
Affected product: TP-Link Tapo C520WS (firmware v2.6). Vulnerability: stack-based buffer overflow in the configuration handling component due to insufficient input validation, triggered by an excessively long configuration parameter value. Impact: Denial of Service (service crash or device reboot...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Social Media Management configuration fields. An attacker can execute arbitrary JavaScript in the browser context of ...
CVE-2018-25224
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...
CVE-2025-13078
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configurati...
Advisory ROSA-SA-2026-3255
software: ffmpeg 4.4.6 OS: ROSA-CHROME unaffected versions = ffmpeg-4.4.6-3 affected versions ffmpeg-4.4.6-3 CVE-ID: CVE-2025-10256 BDU-ID: 2025-11446 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the configinput function of the FFmpeg multimedia library is related to pointer dereferencing...
ROS-20260310-73-0024
Vulnerability in beats related to incorrect input of configuration data. The vulnerability can be exploited remotely...
CVE-2025-33246
NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,...
NETGEAR Orbi 安全漏洞
NETGEAR Orbi is a distributed WiFi system from NETGEAR. A security vulnerability exists in the NETGEAR Orbi that stems from insufficient input validation of the DHCPv6 feature, which could lead to OS command injection...
ROS-20251219-7305
Vulnerability in mongodb-org related to incorrect input of configuration data. The vulnerability can be exploited remotely...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : CUPS vulnerability (USN-7897-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7897-1 advisory. It was discovered that CUPS incorrectly handled input from users in the web configuration settings...
Prototype Pollution
Overview org.webjars.npm:rollbar is an Effortlessly track and debug errors in your JavaScript applications with Rollbar. This package includes advanced error tracking features and an intuitive interface to help you identify and fix issues more quickly. Affected versions of this package are...