Lucene search
K

126613 matches found

Packet Storm
Packet Storm
added 2026/04/02 12:0 a.m.126 views

📄 Bloomberg Memray Cross Site Scripting

Bloomberg Memray prior to versions 1.19.2 rendered the command line of the tracked process directly into generated HTML reports without escaping, allowing for cross site scripting attacks. CVE-2026-32722 Bloomberg Memray’s Stored XSS via Unescaped Command-Line Metadata Intro I found this issue...

6.1CVSS5.4AI score0.00302EPSS
Exploits2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Lean Crypto Library 安全漏洞

Lean Crypto Library is a lightweight quantum-resistant cryptographic algorithm library developed by smuellerDD as an individual project. Versions of Lean Crypto Library prior to 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from integer overflows that occurred when the...

5.9CVSS5.8AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.5 views

vLLM 输入验证错误漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.5.5 and 0.18.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from inconsistencies in the audio mono downmi...

7.1CVSS5.8AI score0.00267EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2026/04/02 12:0 a.m.137 views

📄 Langflow 1.8.4 File Write / Traversal / Remote Code Execution

Langflow versions 1.8.4 and below have an issue where the POST /api/v2/files endpoint does not sanitize the filename parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences. When Langflow runs with...

8.8CVSS6.6AI score0.02104EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.7 views

PT-2026-29834

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description OpenSSH versions before 10.3 incorrectly handle ECDSA algorithms. Specifically, the software misinterprets the listing of any ECDSA algorithm in the PubkeyAcceptedAlgorithms or...

8.1CVSS5.7AI score0.00419EPSS
Exploits0References56
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/02 12:0 a.m.4 views

Security update for tomcat10 (important)

openSUSE security update: security update for tomcat10 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20444-1 Rating: important References: bsc1252753 bsc1252756 bsc1252905 bsc1253460 bsc1258371 bsc1258385 bsc1258387 Cross-References: CVE-2025-5575...

8.7CVSS6.8AI score0.66535EPSS
Exploits4References7
OSV
OSV
added 2026/04/01 11:50 p.m.6 views

GHSA-F23M-R3PF-42RH lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465 only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties fro...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/01 11:50 p.m.38 views

lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`

Impact Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465 only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties fro...

6.5CVSS5.9AI score0.00317EPSS
Exploits0References4Affected Software4
OSV
OSV
added 2026/04/01 11:41 p.m.3 views

GHSA-GCP9-5JC8-976X phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure

Summary The searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses realescapestring via escape to sanitize the search term before embedding it in LIKE clauses. However, realescapestring does not escape SQL LIKE metacharacters % match any sequence and match any single character. An...

6.9CVSS5.9AI score0.00336EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/01 11:41 p.m.7 views

phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure

Summary The searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses realescapestring via escape to sanitize the search term before embedding it in LIKE clauses. However, realescapestring does not escape SQL LIKE metacharacters % match any sequence and match any single character. An...

6.9CVSS6AI score0.00336EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/01 11:40 p.m.3 views

GHSA-Q56X-G2FJ-4RJ6 ONNX: TOCTOU arbitrary file read/write in save_external_dat

Summary The saveexternaldata method seems to include multiple issues introducing a local TOCTOU vulnerability, an arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems. Regarding the TOCTOU, an attacker seems to be able to overwrite victim's...

7.1CVSS5.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/01 11:40 p.m.12 views

ONNX: TOCTOU arbitrary file read/write in save_external_dat

Summary The saveexternaldata method seems to include multiple issues introducing a local TOCTOU vulnerability, an arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems. Regarding the TOCTOU, an attacker seems to be able to overwrite victim's...

5.7AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/01 11:27 p.m.2 views

GHSA-44C2-3RW4-5GVH PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

Summary FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata...

8.6CVSS5.9AI score0.00405EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/01 11:27 p.m.6 views

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

Summary FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata...

8.6CVSS5.9AI score0.00405EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/01 11:21 p.m.4 views

GHSA-X6M9-GXVR-7JPV PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summary passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

7.7CVSS5.9AI score0.00337EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/01 11:21 p.m.6 views

PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summary passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

7.7CVSS5.9AI score0.00337EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/01 11:21 p.m.3 views

GHSA-8W9J-HC3G-3G7F PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

Summary MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

6.5CVSS5.9AI score0.00402EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/01 11:21 p.m.9 views

PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

Summary MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

7.5CVSS5.9AI score0.00402EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/01 11:18 p.m.3 views

GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

7.8CVSS6.3AI score0.00545EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/01 11:18 p.m.8 views

PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

9.8CVSS6.2AI score0.00545EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder