Lucene search
K

1013 matches found

CVE
CVE
added 3 days ago25 views

CVE-2026-61447

PraxionAI before 1.6.78 exposes a remote code execution flaw in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandboxing. This enables prompt-injection to exfiltrate environment secrets and run arbitrary code on the host. The v...

10CVSS6.7AI score0.00544EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-562 vanna vulnerable to remote code execution caused by prompt injection

In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...

9.8CVSS7.8AI score0.00875EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 5:45 p.m.8 views

GHSA-9WXG-VF3R-56HC OpenZeppelin Contracts Wizard: Line terminators in info.securityContact / info.license can inject lines into generated source

Summary The Contracts Wizard generators printed info.securityContact and info.license verbatim into a single-line comment of the generated Solidity, Cairo, Stellar/Soroban, and Stylus source without rejecting line terminators. A newline \n or \r\n in either field ends the comment, so the text aft...

3.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.12 views

CVE-2026-52705

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

9CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.17 views

CVE-2026-52705

CVE-2026-52705 affects the WordPress plugin SigmaForms Pro – AI Generated Forms (versions

9CVSS5.2AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.30 views

CVE-2026-52705 WordPress SigmaForms Pro – AI Generated Forms plugin <= 1.4.5 - Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms = 1.4.5 versions...

9CVSS0.00294EPSS
Exploits0References1
MariaDBUnix
MariaDBUnix
added 2026/06/11 5:13 p.m.32 views

CVE-2026-49261

Disclaimer: This data contains information about vulnerable...

10CVSS5.6AI score0.00998EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/06/08 3:2 p.m.28 views

Americans lost nearly $900 million to AI-powered scams, FBI says

The 2025 Federal Bureau of Investigation FBI Internet Crime Report shows that Americans reported $893,346,472 in AI‑related scam losses. Those losses stem from 22,364 AI-related complaints. And these figures represent only the reported losses, which may well be the proverbial tip of the iceberg...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-29198

In Rocket.Chat 8.3.0, 8.2.1, 8.1.2, 8.0.3, 7.13.5, 7.12.6, 7.11.6, and 7.10.9, a NoSQL injection vulnerability can lead to account takeover of the first user with a generated token when an OAuth app is configured...

9.8CVSS5.5AI score0.00416EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-44291

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup table...

8.1CVSS5.4AI score0.00499EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 12:16 a.m.8 views

CVE-2026-10586

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the saveaigeneratedimage function. This makes it possible for authenticated attackers, with Author-level...

7.2CVSS0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

WPDeveloper Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns 服务端请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.2CVSS6.1AI score0.00213EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46763

Name of the Vulnerable Software and Affected Versions Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns versions prior to 6.1.4 Description The plugin is susceptible to Server-Side Request Forgery SSRF, a flaw where an attacker can induce the server-side application to mak...

7.2CVSS5.4AI score0.00213EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/03 8:33 p.m.15 views

EUVD-2026-33986

React Router has stored XSS via unescaped Location header in prerendered redirect HTML...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

react-router 跨站脚本漏洞

react-router is a declarative routing library for React, open-sourced by Remix. Versions of react-router from 7.5.1 to 7.13.1 have a cross-site scripting vulnerability. This vulnerability stems from improper handling of the HTTP Location header value in framework mode with pre-rendering enabled,...

5.4CVSS5AI score0.00144EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45512

FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq xapp ric gen id in src/ric/iApp/xapp ric id.c compares m0-xapp id against itself m0-xapp id instead of the other argument m1-xapp id, effectively ignoring the xApp identity dimension. ...

5.8AI score0.00454EPSS
Exploits1References3
MariaDBUnix
MariaDBUnix
added 2026/05/30 1:59 a.m.13 views

CVE-2026-48163

Disclaimer: This data contains information about vulnerable...

5.7AI score0.00654EPSS
Exploits0
MariaDBUnix
MariaDBUnix
added 2026/05/30 1:59 a.m.11 views

CVE-2026-48165

Disclaimer: This data contains information about vulnerable...

5.7AI score0.00967EPSS
Exploits0
Snyk
Snyk
added 2026/05/29 2:7 p.m.7 views

Cross-site Scripting (XSS)

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Cross-site Scripting XSS via the saveNode endpoint due to insufficient sanitization of the node.body parameter, allowing event handler attributes without whitespace to bypass the HTML...

8.7CVSS5.4AI score0.00228EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.41 views

MIRAGE: Context-Aware Prompt Injection against Mobile GUI Agents Via User-Generated Content

Mobile graphical user interface GUI agents driven by vision-language models VLMs perceive the screen as rendered pixels and choose actions from what they see, so they cannot reliably separate trusted interface elements from user-generated content. We present MIRAGE Mobile Injection of Realistic...

5.8AI score
Exploits0
Rows per page
Query Builder