Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Github Security Blog
Github Security Blogadded 2026/05/29 10:29 p.m.23 views

PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context

Summary PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...

5.9AI score0.00014EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVEadded 2026/05/08 12:6 p.m.6 views

CVE-2026-39858

A flaw was found in Traefik. A remote attacker can exploit an authentication bypass vulnerability by injecting spoofed trust context through unsanitized alias headers. This is due to Traefik's forwarded-header sanitization logic not properly handling alias header names that use underscores instea...

10CVSS5.7AI score0.00515EPSS
Exploits1References7
Veracode
Veracodeadded 2026/05/04 9:41 a.m.11 views

Improper Input Validation

org.apache.activemq, activemq-broker is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation in HTTP Discovery transport handling, which allows an authenticated attacker to bypass previous fixes and exploit broker configuration loading to execute arbitrary...

8.8CVSS7.7AI score0.87048EPSS
Exploits12References3Affected Software3
Packet Storm News
Packet Storm Newsadded 2026/05/04 12:0 a.m.6 views

Autonomous LLM Agent Worms: Cross-Platform Propagation, Automated Discovery and Temporal Re-Entry Defense

Autonomous LLM agents operate as long-running processes with persistent workspaces, memory files, scheduled task state, and messaging integrations. These features create a new propagation risk: attacker-influenced content can be written into persistent agent state, re-enter the LLM decision conte...

5.8AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2023/05/30 12:0 a.m.3 views

PT-2023-24603 · Jstachio · Jstachio

Name of the Vulnerable Software and Affected Versions: JStachio versions prior to 1.0.1 Description: JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This can be exploited to execute arbitrary JavaScript code in the context of other users visiting...

6.1CVSS6.4AI score0.00579EPSS
Exploits1References10
OSV
OSVadded 2021/05/12 4:23 p.m.4 views

DRUPAL-CONTRIB-2021-009

Chaos tool suite ctools module provides a number of APIs and extensions for Drupal, it's 8.x-3.x branch is a start from scratch to evaluate the features of ctools that didn't make it into Drupal Core 8.0.x and port them. The module doesn't sufficiently handle access control on its EntityView...

6.7AI score
Exploits0References1
CNVD
CNVDadded 2016/02/26 12:0 a.m.2 views

Apache Tomcat Security Manager Security Restriction Bypass Vulnerability

Apache Tomcat is a popular open source JSP application server program. Apache Tomcat Security Manager in the ResourceLinkFactory.setGlobalContext public method implementation of a security restriction bypass vulnerability, an attacker through a malicious web application to inject the global...

6.5CVSS7.9AI score0.11297EPSS
Exploits0References1
Rows per page
Query Builder