Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/21 1:45 a.m.6 views

CVE-2026-40497

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's Helper::stripDangerousTags removes...

8.1CVSS5.8AI score0.00243EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 8:45 p.m.3 views

CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed,...

9.8CVSS6.6AI score0.0058EPSS
Exploits0References1
OSV
OSV
added 2026/04/08 7:17 p.m.6 views

GHSA-32VR-5GCF-3PW2 PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading

Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...

9.8CVSS6.7AI score0.0058EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

PraisonAI 代码问题漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.115 contained code vulnerabilities; these vulnerabilities stemmed from YAML parsing without disabling dangerous tags, which could lead to remote code execution...

9.8CVSS6.2AI score0.0058EPSS
Exploits0References1
CVE
CVE
added 2025/11/21 8:28 a.m.16 views

CVE-2025-13141

CVE-2025-13141 affects the WordPress plugin HT Mega – Absolute Addons For Elementor. The vulnerability is a Stored Cross-Site Scripting in all versions up to 3.0.0, caused by insufficient validation of user-supplied HTML tag names in Gutenberg blocks and the lack of a tag-name whitelist, allowing...

6.4CVSS4.6AI score0.00186EPSS
Exploits0References2
NVD
NVD
added 2004/07/27 4:0 a.m.18 views

CVE-2004-0595

The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...

6.8CVSS5.4AI score0.45159EPSS
Exploits3References18
Cvelist
Cvelist
added 2004/07/16 4:0 a.m.19 views

CVE-2004-0595

The striptags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null \0 characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and...

5.3AI score0.45159EPSS
Exploits3References18
Rows per page
Query Builder