Lucene search
K

675 matches found

Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57552

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description The enterprise passport authentication middleware in packages/server/src/enterprise/middleware/passport/index.ts uses weak hardcoded default secrets and values for audience and issuer. When the...

9.8CVSS6.1AI score0.00376EPSS
Exploits0References8
NVD
NVD
added 5 days ago6 views

CVE-2026-61426

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication...

8.8CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added 5 days ago20 views

CVE-2026-61426

PrasionAI prior to 1.7.3 uses insecure defaults: it binds to all interfaces with no API key and permissive CORS, allowing unauthenticated access. Attacks can read agent instructions/system prompts via GET /api/agents or invoke /api/chat via POST without auth. No explicit remediation details are p...

8.8CVSS6.1AI score0.00322EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-43176

PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces with no API key requirement and wildcard CORS. Unauthenticated attackers can call GET /api/agents to read agent instructions and system prompts, or POST /api/chat to invoke agents without authentication...

8.8CVSS6.1AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-60089

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS0.00141EPSS
Exploits0References3
OSV
OSV
added 6 days ago2 views

CVE-2026-60089 PraisonAI before 1.6.78 Path Traversal via config.toml

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS6.1AI score0.00141EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-55605

DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to version 1.8.0, the self-hosted HTTP transport of @arikusi/deepseek-mcp-server exposes POST /mcp without any authentication: createMcpExpressApp is called without an authProvider and no middleware guards t...

5.3CVSS5.9AI score0.00429EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53972

Name of the Vulnerable Software and Affected Versions coturn versions prior to 4.13.0 Description An authenticated TURN client can bypass the default loopback guard by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 within a TURN XOR-PEER-ADDRESS attribute. This occurs because the ioa ad...

7.4CVSS6.1AI score0.00287EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.12 views

Oracle Linux 9 : firefox (ELSA-2026-20574)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20574 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...

9.8CVSS7.2AI score0.00446EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2026/06/29 12:0 a.m.4 views

firefox security update

140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.12.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.12.0-1 - Update to 140.12.0 ESR...

9.6CVSS6.1AI score0.00375EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.5 views

Oracle Linux 9 : firefox (ELSA-2026-27734)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27734 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...

9.6CVSS6.1AI score0.00476EPSS
Exploits0References30
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Oracle Linux 8 : firefox (ELSA-2026-27717)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-27717 advisory. 140.12.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.12.0 -...

9.6CVSS6.1AI score0.00476EPSS
Exploits0References30
CVE
CVE
added 2026/06/17 7:13 a.m.18 views

CVE-2026-0082

CVE-2026-0082 affects the Android framework: in NfcDispatcher.java’s tryStartActivity there is an insecure default value that can automatically assign a special app access permission. This leads to local elevation of privilege with no extra execution privileges required and no user interaction ne...

10CVSS5.6AI score0.00165EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/11 9:41 a.m.33 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS0.00207EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Insecure Defaults

Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...

8.8CVSS5.4AI score0.00229EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.10 views

Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.00514EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.9 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS5.5AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS5.4AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41039

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...

8.7CVSS5.5AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6866

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

8.2CVSS5.5AI score0.00291EPSS
Exploits0References1
Rows per page
Query Builder