Lucene search
123164 matches found

Positive Technologies
added 2026/05/29 12:0 a.m. | 6 views

PT-2026-45064

Summary Type: Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal "dev-secret-change-me" when PLATFORM JWT SECRET is unset. A safety check exists but only fires when PLATFORM ENV != "dev"; the default value of PLATFORM ENV is "dev", so the check is silentl...

9.8 CVSS | 6 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 7 views

PT-2026-45054

Summary PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...

5.5 CVSS | 5.9 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 8 views

PT-2026-45051

Summary execute code in praisonaiagents/tools/python tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print. self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command...

9.9 CVSS | 6.4 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 9 views

PT-2026-45058

Summary PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID. The affected pattern...

8.8 CVSS | 5.8 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 8 views

PT-2026-45017

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0 through 0.61.0 Description When SSH compression is enabled, the software accepts compressed packets that pass initial transport packet-length checks but expand to a much larger size upon decompression. This occurs because...

7.5 CVSS | 5.8 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 6 views

PT-2026-45006

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

7.1 CVSS | 5.8 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 7 views

PT-2026-45016

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

5.8 CVSS | 5.8 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 11 views

PT-2026-45019

Summary Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relativ...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 7 views

PT-2026-45049

Summary PraisonAI's spider tools URL validation can be bypassed using alternate loopback host encodings. The affected component is: text praisonaiagents/tools/spider tools.py The tool contains a URL validation function intended to block local or unsafe targets before fetching attacker-controlled...

5.5 CVSS | 6.2 AI score
Exploits 0 | References 3

Positive Technologies
added 2026/05/29 12:0 a.m. | 7 views

PT-2026-45035

Name of the Vulnerable Software and Affected Versions Boxlite versions 0.8.2 and earlier Description Boxlite is a sandbox service that enables the creation of lightweight virtual machines to run untrusted code within OCI containers. The service allows users to configure a timeout for processes...

6.5 CVSS | 5.9 AI score
Exploits 0 | References 5

Positive Technologies
added 2026/05/29 12:0 a.m. | 7 views

PT-2026-45018

Name of the Vulnerable Software and Affected Versions Russh versions 0.34.0-beta.1 through 0.60.x Description The server authentication path in the Russh library fails to separate internal user authentication state when the request principal changes across SSH MSG USERAUTH REQUEST messages...

5.3 CVSS | 5.5 AI score
Exploits 0 | References 3

Tenable Nessus
added 2026/05/29 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libsolv - None Ubuntu Linux - Unknown description CVE-2026-48863 Note that Nessus relies on the presence of the package as reported by the vendor...

5.5 AI score
Exploits 0 | References 3

Tenable Nessus
added 2026/05/29 12:0 a.m. | 20 views

Linux Distros Unpatched Vulnerability : CVE-2026-46160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix missing lastunlinktrans update when removing a directory When removing a directory we are not updating its lastunlinktrans field, which can result in...

5.5 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2026/05/29 12:0 a.m. | 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-8643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leadin...

5.5 CVSS | 5.5 AI score | 0.00025 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2026/05/29 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48095

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in t...

8.8 CVSS | 6.4 AI score | 0.00041 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2026/05/29 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-46186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe...

5.8 AI score | 0.00032 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2026/05/29 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-47734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - dulwich - None Ubuntu Linux - Unknown description CVE-2026-47734 Note that Nessus relies on the presence of the package as reported by the vendor...

5.7 CVSS | 5.8 AI score
Exploits 0 | References 3

Tenable Nessus
added 2026/05/29 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-47712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - dulwich - None Ubuntu Linux - Unknown description CVE-2026-47712 Note that Nessus relies on the presence of the package as reported by the vendor...

3.3 CVSS | 5.8 AI score
Exploits 0 | References 3

Tenable Nessus
added 2026/05/29 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48754 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

5.5 AI score
Exploits 0 | References 2

Tenable Nessus
added 2026/05/29 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-48753 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C Tenabl...

5.5 AI score
Exploits 0 | References 2