Lucene search
K

307 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-61432

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS0.00278EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42898

PraisonAI praisonaiagents before 1.6.78 contains a path traversal vulnerability in the FastContext feature praisonaiagents.context.fast. FastContextAgent.executetool prepends the configured workspacepath only for relative paths and neither rejects absolute paths nor canonicalizes joined paths...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the git grep process. An attacker can exhaust server resources by initiating expensive or long-running search operations without restriction. Details Denial of Service DoS describes a family of attacks, all aim...

8.7CVSS6AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.5 views

CVE-2026-26307

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

7.5CVSS0.00466EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.15 views

CVE-2026-26307

CVE-2026-26307 affects Gitea versions before 1.25.5. The vulnerability arises because the git grep searches do not enforce a timeout, allowing expensive searches to consume server resources and cause a DoS condition. Affected component: the Git subsystem within Gitea (as noted in multiple sources...

7.5CVSS6AI score0.00466EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.3 views

CVE-2026-26307 Gitea git grep search lacks a timeout

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

7.5CVSS6AI score0.00466EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.35 views

CVE-2026-26307 Gitea git grep search lacks a timeout

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

0.00466EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 8:19 p.m.7 views

EUVD-2026-41631

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

6AI score0.00466EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.8 views

PT-2026-55599

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description The software does not enforce a timeout on git grep searches, which can allow expensive search operations to consume excessive server resources. Recommendations Update to version 1.25.5 or later...

7.5CVSS6.1AI score0.00466EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 6:17 p.m.10 views

CVE-2026-48703

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8CVSS0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:25 p.m.30 views

CVE-2026-48703 Warp: Command Injection via Warp code search tool arguments

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8CVSS0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:25 p.m.5 views

CVE-2026-48703

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 5:25 p.m.6 views

EUVD-2026-39011

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.20 views

PT-2026-48373

Name of the Vulnerable Software and Affected Versions Warp versions 0.2025.04.09.08.11.stable 00 through 0.2026.05.06.15.42.stable 00 Description Warp contains a command execution policy bypass within its Agent code search tools. The Grep and FileGlob actions, which are authorized as read or sear...

7.8CVSS6.1AI score0.00177EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 8:45 p.m.13 views

CVE-2026-10291 Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/01 8:45 p.m.34 views

CVE-2026-10291 Enderfga claw-orchestrator Session Grep Endpoint embedded-server.ts validateRegex redos

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS0.00354EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/05/22 7:57 a.m.16 views

CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References1
CVE
CVE
added 2026/05/21 12:38 a.m.49 views

CVE-2026-48172

The vulnerability CVE-2026-48172 affects LiteSpeed User-End cPanel Plugin prior to 2.4.5. The issue stems from mishandling of Redis enable/disable features, enabling privilege escalation (possibly to root). In-the-wild exploitation was reported in May 2026. Detection guidance is provided: run gre...

10CVSS5.8AI score0.18914EPSS
In wildExploits1References4Affected Software2
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.9 views

CVE-2026-40515

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/17 6:31 p.m.5 views

EUVD-2026-23450

OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attackers can invoke the built-in grep and glob tools with sensitive root directories that are not...

8.7CVSS5.8AI score0.0023EPSS
Exploits1References4
Rows per page
Query Builder