Lucene search
K

225 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-54771

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...

8.1CVSS0.00392EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-466 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

9.8CVSS5.8AI score0.00075EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.12 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:30 a.m.9 views

EUVD-2026-34997

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.2AI score0.00253EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/07 11:0 p.m.9 views

CVE-2026-11466 zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.16 views

PT-2026-47197

Name of the Vulnerable Software and Affected Versions zilliztech deep-searcher versions prior to 0.0.3 Description Improper access controls in the CollectionRouter.invoke function within the deepsearcher/agent/collection router.py file allow for remote exploitation. This issue is caused by the...

5.5CVSS6.1AI score0.00253EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.12 views

deep-searcher 访问控制错误漏洞

Deep-Searcher is a private data search and intelligent question-answering tool developed by Zilliz, based on large models and VectorDB. Versions of Deep-Searcher 0.0.2 and earlier contain an access control vulnerability. This vulnerability stems from the operation of the CollectionRouter.invoke...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-42471

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...

8.1CVSS5.5AI score0.01757EPSS
Exploits2References1
OSV
OSV
added 2026/05/29 10:27 p.m.13 views

GHSA-86QC-R5V2-V6X6 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

9.8CVSS5.8AI score0.00075EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 10:27 p.m.27 views

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

5.8AI score0.00075EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.13 views

CVE-2026-46152

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...

5.8AI score0.00167EPSS
Exploits0References6Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fixed an issue where access to qmiinvokehandler was allowed outside its bounds. Currently, there is no terminator entry for ath12kqmimsghandlers, resulting in the following KASAN warnings:...

7.1CVSS5.5AI score0.00233EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel through version 5.11.6. The fastrpcinternalinvoke function in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, also known as CID-20c40794eb85. This is a related issue to CVE-2019-2308...

7.8CVSS6.2AI score0.00305EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.10 views

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/07 3:38 p.m.15 views

node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/07 3:27 p.m.11 views

Command Injection

Overview node-ts-ocr is an A simple wrapper around command-line utils to assist in PDF / Image OCR Optical Character Recognition processing using Tesseract. Affected versions of this package are vulnerable to Command Injection via the invokeImageOcr function. An attacker can execute arbitrary...

9.8CVSS6AI score0.01185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.36 views

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

0.01185EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/05 11:25 a.m.25 views

EUVD-2026-27295

OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation,...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/05 11:25 a.m.7 views

CVE-2026-43572

OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass sender authorization by sending SSO invoke requests that are processed without proper validation,...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/05 11:25 a.m.32 views

CVE-2026-43572

OpenClaw 2026.4.10

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder