CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to the ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
CVE-2026-40313
Summary: PraisonAI versions ≤ 4.5.139 expose GitHub Actions credential leakage via ArtiPACKED attack due to actions/checkout persisting GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) in the repository’s .git/config when artifacts are uploaded from workflows. This can allow read-access users t...
org.webjars.npm:axios (=0.15.3), org.webjars.npm:github-build (=1.2.0) +1 more potentially affected by CVE-2026-40895 via org.webjars.npm:follow-redirects (=1.0.0)
org.webjars.npm:follow-redirects MAVEN version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:follow-redirects and may be impacted:
- org.webjars.npm:axios =0.15.3
- org.webjars.npm:github-build =1.2.0
- ...
PT-2026-32595
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.140
Description: GitHub Actions workflows are susceptible to an ArtiPACKED attack, which is a credential leakage vector. This occurs when actions/checkout is used without setting persist-credentials: false. By...
PT-2026-32722
Name of the Vulnerable Software and Affected Versions: GitHub Copilot, affected versions not specified; Visual Studio Code, affected versions not specified
Description: Improper neutralization of special elements used in a command, known as command injection, allows an authorized attacker to disclose...
PraisonAI Security Vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI 4.5.139 and earlier contained security vulnerabilities. These vulnerabilities stemmed from known credential exposure risks in GitHub Actions workflows, which could allow attackers to...
Microsoft GitHub Copilot and Visual Studio Code Command Injection Vulnerability
Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a command injection vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to obtain sensitive...
KLA90982 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, gain privileges, or spoof the user interface. Below is a complete list of vulnerabilities: 1. An...
Linux Distros Unpatched Vulnerability : CVE-2026-33929
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFile...
GHSA-875V-7M49-8X88
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-13 23:20:55+00:00 | seen | Telegram/1z3cy8b4nyTXxlXgo7X-5B9mikKWob2N9UfH7kQzWNiwJw... |
Out-of-bounds Read
Overview: Magick.NET-Q8-OpenMP-arm64 is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs at https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package...
GHSA-2599-H6XX-HPXP vulnerabilities
Vulnerabilities for packages: py3-cassandra-medusa...
GHSA-JCXM-M3JX-F287
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-13 19:19:04+00:00 | published-proof-of-concept | Telegram/61DYlWTca6IkcTFpN2RYBtwr9MKXFEKysLP63-1xRoUERI... |
CVE-2026-40907
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-13 12:03:15+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-gpgp-w4x2-h3h7... |
GHSA-3P68-RC4W-QGX5
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-13 12:02:56+00:00 | seen | https://gist.github.com/subaruoutbacksteakhouse/755867cb60dca06f145990b4865d6eee |
| 2026-04-20 01:05:19+00:00 | seen | https://gist.github.com/konard/dc529ad3e07305daab99c78bc17d7ea6 |
| 2026-04-27 21:04:47+00:00 | seen | ... |
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macO...
sigma-audit
Sigma Stack Audit Full-spectrum security audit combining five...
GHSA-67JX-R9PV-98RJ vulnerabilities
Vulnerabilities for packages: traefik...
GHSA-9M3C-QCXR-9X87 vulnerabilities
Vulnerabilities for packages: nacos-docker, ontop-fips, kayenta, thingsboard, camunda, camunda-zeebe, kayenta-fips, ontop, nacos...
CVE-2026-4106
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-12 01:00:04+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/79929 |
| 2026-04-12 02:46:41+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-4106.yaml |
| 2026-04-12 03:00:07+00:00 | ... | |