7861 matches found

GitHub Security Blog
added 2026/04/10 9:0 p.m. | 9 views

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary: A path traversal vulnerability (Zip Slip) exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1 CVSS | 5.9 AI score | 0.00401 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Snyk
added 2026/04/10 7:22 p.m. | 3 views

Arbitrary Argument Injection

Overview: PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.4 CVSS | 6 AI score | 0.00231 EPSS
Exploits: 1 | References: 2
OSV
added 2026/04/10 7:22 p.m. | 9 views

GHSA-CFG2-MXFJ-J6PW PraisonAI Vulnerable to Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency)

Summary: The Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml. When nh3 is absent (the default installation), the...

5.4 CVSS | 5.8 AI score | 0.00216 EPSS
Exploits: 1 | References: 4
Chainguard
added 2026/04/10 2:13 a.m. | 3 views

GHSA-WP4P-9PXH-CGX2 vulnerabilities

Vulnerabilities for packages: argo-cd, argo-cd-fips...

5.8 AI score
Exploits: 0
OSV
added 2026/04/10 12:30 a.m. | 7 views

GHSA-HGWR-WR8H-RXM7 Duplicate Advisory: OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mp66-rf4f-mhh8. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webho...

6 CVSS | 5.8 AI score | 0.00293 EPSS
Exploits: 0 | References: 5
GitHub Security Blog
added 2026/04/10 12:30 a.m. | 7 views

Duplicate Advisory: OpenClaw: Google Chat app-url webhook auth accepted non-deployment add-on principals

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mp66-rf4f-mhh8. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webho...

7.1 CVSS | 5.8 AI score | 0.00293 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Packet Storm News
added 2026/04/10 12:0 a.m. | 2 views

S3CDM: A Secret-Sharing-Scheme-Based Cyberattack Detection Model and Its Simulation Implementation

We design and develop a secret-sharing-scheme-based cyberattack detection model (S3CDM) that can detect unauthorized or illegal activities, especially insider attacks, and protect sensitive information within complex network infrastructures of large organizations. The model splits a secret among a grou...

5.8 AI score
Exploits: 0
NVD
added 2026/04/09 10:16 p.m. | 1 views

CVE-2026-35622

OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...

7.1 CVSS | 0.00293 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/04/09 9:17 p.m. | 5 views

CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

8.4 CVSS | 6 AI score | 0.00231 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/04/09 7:40 p.m. | 4 views

CVE-2026-35577 Missing Host Header Validation in Apollo MCP Server for Localhost Deployments

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8 CVSS | 5.8 AI score | 0.00182 EPSS
Exploits: 0 | References: 3
The Hacker News
added 2026/04/09 12:57 p.m. | 10 views

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twic...

8.8 CVSS | 7.5 AI score | 0.9619 EPSS
Exploits: 14
Positive Technologies
added 2026/04/09 12:0 a.m. | 5 views

PT-2026-31758

OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. Attackers can bypass webhook authentication by providing non-deployment add-on principals to execut...

6 CVSS | 6 AI score | 0.00293 EPSS
Exploits: 0 | References: 6
CNNVD
added 2026/04/09 12:0 a.m. | 7 views

PraisonAI Information Disclosure Vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained an information leakage vulnerability. This vulnerability stemmed from the AgentOS deployment platform not implementing authentication, and the default CORS...

5.3 CVSS | 5.8 AI score | 0.00758 EPSS
Exploits: 1 | References: 1
Packet Storm News
added 2026/04/09 12:0 a.m. | 4 views

Follow My Eyes: Backdoor Attacks on VLM-Based Scanpath Prediction

Scanpath prediction models forecast the sequence and timing of human fixations during visual search, driving foveated rendering and attention-based interaction in mobile systems where their integrity is a first-class security concern. We present the first study of backdoor attacks against VLM-bas...

5.8 AI score
Exploits: 0
The Hacker News
added 2026/04/08 5:51 p.m. | 4 views

New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy

Cybersecurity researchers have flagged a new variant of malware called Chaos that's capable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its...

6.6 AI score
Exploits: 0
Positive Technologies
added 2026/04/08 12:0 a.m. | 4 views

PT-2026-31345

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent concurrently,...

6.5 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2026/04/07 11:1 p.m. | 2 views

CVE-2026-35043

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/internal/cloud/deployment.py was not included in the fix for CVE-2026-33744. Line 1648 interpolates systempackages directly into a...

7.8 CVSS | 6.5 AI score | 0.00315 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/04/07 7:2 p.m. | 5 views

EUVD-2026-19869

OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validateenrichmenturl function in src/handler/http/request/enrichmenttable/mod.rs fails to block IPv6 addresses because Rust's url crate returns them with surrounding brackets (e.g. "[::1]", not "::1"). An authenticated...

7.7 CVSS | 5.9 AI score | 0.00265 EPSS
Exploits: 1 | References: 2
Snyk
added 2026/04/07 6:15 p.m. | 3 views

Information Exposure

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Information Exposure via the connect process. An attacker can obtain sensitive host filesystem paths and deployment metadata by making authenticated requests as a non-admin client...

5.3 CVSS | 5.8 AI score | 0.00283 EPSS
Exploits: 0 | References: 2
Packet Storm News
added 2026/04/07 12:0 a.m. | 3 views

LanG -- a Governance-Aware Agentic AI Platform for Unified Security Operations

Modern Security Operations Centers struggle with alert fatigue, fragmented tooling, and limited cross-source event correlation, challenges that current Security Information Event Management and Extended Detection and Response systems only partially address through fragmented tools. This paper...

5.9 AI score
Exploits: 0