Lucene search
+L

11 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-60089

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS0.00141EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-60089 PraisonAI before 1.6.78 Path Traversal via config.toml

PraisonAI pip package praisonaiagents before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.outputfile path. A repository-controlled config file can set outputfile to an absolute or '..' travers...

6.9CVSS0.00141EPSS
Exploits0References3
NVD
NVD
added 2026/07/08 3:16 p.m.7 views

CVE-2026-49145

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 2:55 p.m.5 views

EUVD-2026-42274

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 5:23 p.m.6 views

EUVD-2025-32311

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...

8.8CVSS7.3AI score0.00421EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/03 5:23 p.m.13 views

CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...

8.8CVSS0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/13 10:28 p.m.12 views

CVE-2025-55012

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

8.5CVSS8.4AI score0.00205EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/11 9:25 p.m.9 views

CVE-2025-55012 Zed AI Agent Remote Code Execution

Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution RCE by bypassing user permission checks. An AI Agent could have exploited a permissions bypass vulnerability to create or modify a project-specific...

8.5CVSS0.00205EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 11:15 p.m.3 views

CVE-2025-1568

Access Control Vulnerability in Gerrit chromiumos project configuration in Google ChromeOS 16063.87.0 allows an attacker with a registered Gerrit account to inject malicious code into ChromeOS projects and potentially achieve Remote Code Execution and Denial of Service via editing trusted pipelin...

8.8CVSS5.9AI score0.00353EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:6 p.m.8 views

Malicious code in u-workflow.module.common.project-config (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/06/25 1:6 p.m.4 views

MAL-2024-3251 Malicious code in u-workflow.module.common.project-config (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Rows per page
Query Builder