11 matches found
PT-2026-31996
Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 4.5.128. Description: PraisonAI’s Model Context Protocol (MCP) integration allows spawning background servers via stdio using user-supplied command strings, such as MCP("npx -y @smithery/cli ..."). These commands are...
PraisonAI parameter injection vulnerability
PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a parameter injection vulnerability. This vulnerability stemmed from the deploy.py script, which did not validate the values containing commas when constructin...
CVE-2026-25438
The CVE describes a Reflected XSS in the WordPress Gutenberg Blocks “Unlimited blocks for Gutenberg” plugin, affecting versions up to and including 1.2.8. The root cause is improper neutralization of input during web page generation. The affected component is the WordPress Gutenberg Blocks integr...
CVE-2025-12817
creationtimestamp | type | source
---|---|---
2025-11-13 15:04:13+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/115542999175905854
2025-11-14 17:36:20+00:00 | seen | https://seclists.org/oss-sec/2025/q4/182
2025-12-26 11:15:11+00:00 | seen | ...
CVE-2025-62940
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick Diego Blox Lite blox-lite allows Stored XSS. This issue affects Blox Lite: from n/a through <= 1.2.8...
Linux Distros Unpatched Vulnerability : CVE-2025-62594
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service du...
Deno data forgery issue vulnerability
Deno is a simple, modern and secure JavaScript and TypeScript runtime environment from Deno Open Source. A data forgery issue vulnerability exists in Deno versions 1.46.0 through 2.1.6, which stems from the AES-256-GCM and AES-128-GCM unvalidated authentication tags, and could lead to a failure o...
kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query
A NULL pointer dereference issue was found in the Linux kernel's vmwgfx driver in vmw_cmd_dx_define_query. This flaw allows a local, unprivileged attacker with access to either /dev/dri/card0 or /dev/dri/rendererD128, who can issue an ioctl on the resulting file descriptor, to crash the system, causi...
CVE-2001-1228
creationtimestamp | type | source
---|---|---
2023-12-24 08:20:31+00:00 | seen | https://t.me/arpsyndicate/2161...
OPENSUSE-SU-2021:0567-1 Security update for chromium
This update for chromium fixes the following issues: - Chromium 89.0.4389.128 (boo#1184700): CVE-2021-21206: Use after free in blink; CVE-2021-21220: Insufficient validation of untrusted input in v8 for x86_64...
MISP cross-site scripting vulnerability (CNVD-2021-07507)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in MISP version 2.4.128. The vulnerability ste...