Lucene search
K

10 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-487 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

Summary The memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py lines 303 to 305. No sanitization, no shlex.quote, no character filter, and no allowlist check exists...

9.3CVSS6.3AI score0.00229EPSS
Exploits1References5
CVE
CVE
added 2026/06/11 8:9 p.m.42 views

CVE-2026-53816

OpenClaw before 2026.5.18 is affected by an insufficient provenance validation vulnerability in node event handling. A malicious or compromised paired node can send crafted node.event messages to the gateway, allowing forging of exec lifecycle events and steering target sessions into exec-event p...

8.6CVSS5.5AI score0.00342EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.6 views

CVE-2026-40111

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

9.3CVSS0.00229EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/09 9:14 p.m.19 views

CVE-2026-40111 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

9.3CVSS0.00229EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:14 p.m.2 views

CVE-2026-40111

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

9.3CVSS6AI score0.00229EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31780

Name of the Vulnerable Software and Affected Versions PraisonAIAgents versions prior to 1.5.128 Description PraisonAIAgents is a multi-agent teams system. The memory hooks executor in PraisonAIAgents passes a user-controlled command string directly to subprocess.run with shell=True at...

9.3CVSS5.8AI score0.00229EPSS
Exploits1References10
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.14 views

Fedora: Security Advisory for jakarta-interceptors (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.23 views

[SECURITY] Fedora 40 Update: jakarta-interceptors-2.0.0-12.fc40

Jakarta Interceptors defines a means of interposing on business method invocations and specific events=EF=BF=BD=EF=BF=BD=EF=BF=BDsuch as lifecycle e vents and timeout events=EF=BF=BD=EF=BF=BD=EF=BF=BDthat occur on instances of Jakarta EE compon ents and other managed classes...

8.8CVSS9.1AI score0.02578EPSS
Exploits3
Veracode
Veracode
added 2020/12/31 5:3 p.m.27 views

Information Disclosure

xen is vulnerable to information disclosure. The vulnerability exists as a guest administrator can observe non-sensitive domain and device lifecycle events relating to other guests...

2.3CVSS1.5AI score0.00306EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2020/12/15 6:15 p.m.27 views

Design/Logic Flaw

An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored node, which will cause notifications for every created, modified, and deleted key. A guest...

2.1CVSS4.5AI score0.00306EPSS
Exploits0References4Affected Software3
Rows per page
Query Builder