Github Security Blog (added 2026/04/01 11:41 p.m.)

phpMyFAQ has a LIKE Wildcard Injection in Search.php — Unescaped % and _ Metacharacters Enable Broad Content Disclosure

Summary: The searchCustomPages method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string (via escape) to sanitize the search term before embedding it in LIKE clauses. However, real_escape_string does not escape the SQL LIKE metacharacters % (match any sequence) and _ (match any single character). An...

CVSS 6.9 | AI score 6 | EPSS 0.00336
Exploits 1 | References 4 | Affected Software 1

OSV (added 2026/04/01 11:40 p.m.)

GHSA-Q56X-G2FJ-4RJ6 ONNX: TOCTOU arbitrary file read/write in save_external_dat

Summary: The save_external_data method seems to include multiple issues introducing a local TOCTOU vulnerability, an arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems. Regarding the TOCTOU, an attacker seems to be able to overwrite victim's...

CVSS 7.1 | AI score 5.7
Exploits 0 | References 2

Github Security Blog (added 2026/04/01 11:40 p.m.)

ONNX: TOCTOU arbitrary file read/write in save_external_dat

Summary: The save_external_data method seems to include multiple issues introducing a local TOCTOU vulnerability, an arbitrary file read/write on any system. It potentially includes a path validation bypass on Windows systems. Regarding the TOCTOU, an attacker seems to be able to overwrite victim's...

AI score 5.7
Exploits 0 | References 2 | Affected Software 1

OSV (added 2026/04/01 11:27 p.m.)

GHSA-44C2-3RW4-5GVH PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

Summary: FileTools.download_file in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server, including cloud metadata...

CVSS 8.6 | AI score 5.9 | EPSS 0.00405
Exploits 1 | References 3

Github Security Blog (added 2026/04/01 11:27 p.m.)

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

Summary: FileTools.download_file in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server, including cloud metadata...

CVSS 8.6 | AI score 5.9 | EPSS 0.00405
Exploits 1 | References 3 | Affected Software 1

OSV (added 2026/04/01 11:21 p.m.)

GHSA-X6M9-GXVR-7JPV PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summary: passthrough and apassthrough in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

CVSS 7.7 | AI score 5.9 | EPSS 0.00337
Exploits 1 | References 3

Github Security Blog (added 2026/04/01 11:21 p.m.)

PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summary: passthrough and apassthrough in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

CVSS 7.7 | AI score 5.9 | EPSS 0.00337
Exploits 1 | References 3 | Affected Software 1

OSV (added 2026/04/01 11:21 p.m.)

GHSA-8W9J-HC3G-3G7F PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

Summary: MCPToolIndex.search_tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

CVSS 6.5 | AI score 5.9 | EPSS 0.00402
Exploits 1 | References 3

Github Security Blog (added 2026/04/01 11:21 p.m.)

PraisonAI Has ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

Summary: MCPToolIndex.search_tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete...

CVSS 7.5 | AI score 5.9 | EPSS 0.00402
Exploits 1 | References 3 | Affected Software 1

OSV (added 2026/04/01 11:18 p.m.)

GHSA-W37C-QQFP-C67F PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary: run_python in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run(..., shell=True). The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

CVSS 7.8 | AI score 6.3 | EPSS 0.00545
Exploits 1 | References 3

Github Security Blog (added 2026/04/01 11:18 p.m.)

PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

Summary: run_python in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run(..., shell=True). The escaping logic only handles \ and ", leaving $ and backtick substitutions unescaped, allowing arbitrary OS command executi...

CVSS 9.8 | AI score 6.2 | EPSS 0.00545
Exploits 1 | References 3 | Affected Software 1

RedhatCVE (added 2026/04/01 11:1 p.m.)

CVE-2025-62184

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and, given extensive access rights, impact to Confidentiality is low and Integrity is none...

CVSS 4.8 | AI score 5.9 | EPSS 0.00258
Exploits 0 | References 1

RedhatCVE (added 2026/04/01 11:1 p.m.)

CVE-2026-34611

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token...

CVSS 6.5 | AI score 6 | EPSS 0.00157
Exploits 1 | References 1

RedhatCVE (added 2026/04/01 11:1 p.m.)

CVE-2026-34613

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows administrators to enable or disable any installed plugin. The endpoint checks for an active admin session but does not validate a CSRF token. Additionally, the plugin...

CVSS 6.5 | AI score 5.9 | EPSS 0.00201
Exploits 1 | References 1

RedhatCVE (added 2026/04/01 11:0 p.m.)

CVE-2026-34739

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

CVSS 6.1 | AI score 6 | EPSS 0.0022
Exploits 1 | References 1

RedhatCVE (added 2026/04/01 11:0 p.m.)

CVE-2026-34381

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...

CVSS 7.5 | AI score 5.7 | EPSS 0.00575
Exploits 1 | References 1

RedhatCVE (added 2026/04/01 11:0 p.m.)

CVE-2026-34394

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

CVSS 8.1 | AI score 6 | EPSS 0.00233
Exploits 1 | References 1

vulnersOsv (added 2026/04/01 10:38 p.m.)

algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.8) +9 more potentially affected by CVE-2026-34730 via copier (>=9.0.1 <=9.11.3)

copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0
Source cves: CVE-2026-34730
Source advisory: SNYK:PYTHON-COPIER-15874120...

CVSS 5.5 | AI score 5.4 | EPSS 0.00287
Exploits 1

vulnersOsv (added 2026/04/01 10:28 p.m.)

algokit (>=2.9.0 <=2.10.0), biopipen (>=1.0.0 <=1.3.8) +9 more potentially affected by CVE-2026-34726 via copier (>=9.0.1 <=9.11.3)

copier PYPI version =9.0.1, =2.9.0, =1.0.0, =2.2.2, =1.2.1, =4.13.6, =4.13.6, =5.0.0b4, =4.13.6, =4.13.6, =2.14.1, =2.51.0
Source cves: CVE-2026-34726
Source advisory: SNYK:PYTHON-COPIER-15874119...

CVSS 4.4 | AI score 5.4 | EPSS 0.00383
Exploits 1

OSV (added 2026/04/01 10:17 p.m.)

GHSA-2599-H6XX-HPXP Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

Summary: A crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. Impact: Arbitrary file write via path traversal from untrusted wheel content. Impacts users/CI/CD systems installing malicious o...

CVSS 7.1 | AI score 6 | EPSS 0.00468
Exploits 1 | References 6