Lucene search

36322 matches found

CNNVD
added 2026/04/09 12:0 a.m., 3 views

PraisonAI Cross-Site Scripting Vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a cross-site scripting vulnerability. This vulnerability stemmed from Flask API endpoints rendering HTML, where cleanup operations were ineffective, allowing...

CVSS 6.1, AI score 5.8, EPSS 0.00038
Exploits: 1, References: 2
Packet Storm News
added 2026/04/09 12:0 a.m., 1 views

RansomTrack: A Hybrid Behavioral Analysis Framework for Ransomware Detection

Ransomware poses a serious and fast-acting threat to critical systems, often encrypting files within seconds of execution. Research indicates that ransomware is the most reported cybercrime in terms of financial damage, highlighting the urgent need for early-stage detection before encryption is...

AI score 5.7
Exploits: 0
CNNVD
added 2026/04/09 12:0 a.m., 4 views

LangChain Security Vulnerability

LangChain is an open-source framework developed by LangChain for creating applications powered by large language models (LLMs). Versions of LangChain prior to 0.3.84 and 1.2.28 contained security vulnerabilities. These vulnerabilities stemmed from incomplete validation of f-string template fields,...

CVSS 5.3, AI score 5.8, EPSS 0.00055
Exploits: 0, References: 7
Packet Storm News
added 2026/04/09 12:0 a.m., 7 views

ACIArena: Toward Unified Evaluation for Agent Cascading Injection

Collaboration and information sharing empower Multi-Agent Systems (MAS) but also introduce a critical security risk known as Agent Cascading Injection (ACI). In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the...

AI score 5.8
Exploits: 0
GithubExploit
added 2026/04/08 11:0 p.m., 89 views

pentestfr

Pentest Framework — Kali Linux / VirtualBox Framework Python...

AI score 5.9
Exploits: 0
NVD
added 2026/04/08 9:16 p.m., 3 views

CVE-2026-39416

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

CVSS 8.5, EPSS 0.00041
Exploits: 0, References: 2
EUVD
added 2026/04/08 8:11 p.m., 1 views

EUVD-2026-20605

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

CVSS 8.5, AI score 6.1, EPSS 0.00041
Exploits: 0, References: 2
Cvelist
added 2026/04/08 8:11 p.m., 15 views

CVE-2026-39416 Stored XSS in modal item preview for long item content in AIL Framework

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled...

CVSS 8.5, EPSS 0.00041
Exploits: 0, References: 2
Snyk
added 2026/04/08 7:17 p.m., 2 views

Deserialization of Untrusted Data

Overview: praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the YAML deserialization in the loadAgentFromFile function. An attacker can execute...

CVSS 9.8, AI score 6.2, EPSS 0.00555
Exploits: 0, References: 2
EUVD
added 2026/04/08 6:34 p.m., 3 views

EUVD-2026-20511

A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

AI score 6.1, EPSS 0.00043
Exploits: 0, References: 3
NVD
added 2026/04/08 5:21 p.m., 1 views

CVE-2026-31017

A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

CVSS 9.1, EPSS 0.00043
Exploits: 0, References: 2
NVD
added 2026/04/08 3:16 p.m., 3 views

CVE-2026-39410

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...

CVSS 4.8, EPSS 0.0003
Exploits: 0, References: 3
NVD
added 2026/04/08 3:16 p.m., 1 views

CVE-2026-39409

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction does not canonicalize IPv4-mapped IPv6 client addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause...

CVSS 6.3, EPSS 0.00013
Exploits: 0, References: 3
NVD
added 2026/04/08 3:16 p.m., 0 views

CVE-2026-39408

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially...

CVSS 7.5, EPSS 0.00017
Exploits: 1, References: 3
Snyk
added 2026/04/08 3:4 p.m., 3 views

User Impersonation

Overview: @lobehub/lobehub is a LobeHub - an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

CVSS 7.1, AI score 5.8, EPSS 0.00025
Exploits: 0, References: 2
CVE
added 2026/04/08 2:44 p.m., 10 views

CVE-2026-39410

Hono CVE-2026-39410 involves a cookie handling flaw in getCookie() where a mismatch between browser cookie parsing and JavaScript parse() trim() causes cookies with a non-breaking-space prefix (U+00A0) to shadow or override legitimate cookies. This can bypass __Secure- and __Host- prefix protecti...

CVSS 4.8, AI score 5.9, EPSS 0.0003
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2026/04/08 2:44 p.m., 3 views

CVE-2026-39410

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...

CVSS 4.8, AI score 5.9, EPSS 0.0003
Exploits: 0, References: 4, Affected Software: 1
Vulnrichment
added 2026/04/08 2:44 p.m., 3 views

CVE-2026-39410 Hono has a non-breaking space prefix bypass in cookie name handling in getCookie()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy between browser cookie parsing and parse handling allows cookie prefix protections to be bypassed. Cookie names that are treated as distinct by the browser may be normalized to th...

CVSS 4.8, AI score 5.9, EPSS 0.0003
Exploits: 0, References: 3
Cvelist
added 2026/04/08 2:43 p.m., 18 views

CVE-2026-39409 Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction does not canonicalize IPv4-mapped IPv6 client addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause...

CVSS 6.3, EPSS 0.00013
Exploits: 0, References: 3
Vulnrichment
added 2026/04/08 2:43 p.m., 1 views

CVE-2026-39409 Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction does not canonicalize IPv4-mapped IPv6 client addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause...

CVSS 6.3, AI score 5.9, EPSS 0.00013
Exploits: 0, References: 3