7 matches found
CVE-2026-40497
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's Helper::stripDangerousTags removes...
CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...
GHSA-32VR-5GCF-3PW2 PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading
Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...
PraisonAI 代码问题漏洞
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.115 contained code vulnerabilities; these vulnerabilities stemmed from YAML parsing without disabling dangerous tags, which could lead to remote code execution...
CVE-2025-13141
CVE-2025-13141 affects the WordPress plugin HT Mega – Absolute Addons For Elementor. The vulnerability is a Stored Cross-Site Scripting in all versions up to 3.0.0, caused by insufficient validation of user-supplied HTML tag names in Gutenberg blocks and the lack of a tag-name whitelist, allowing...
CVE-2004-0595
The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...
CVE-2004-0595
The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...