Lucene search
+L

4016 matches found

nvd
nvd
added 14 hours ago4 views

CVE-2026-11371

The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browse...

6.1CVSS
Exploits0References1
attackerkb
attackerkb
added 15 hours ago4 views

CVE-2026-11371

The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browse...

6.1CVSS6.1AI score
Exploits0References1
cvelist
cvelist
added 15 hours ago11 views

CVE-2026-11371 BetterDocs < 4.5.5 - Unauthenticated Stored XSS via AI Doc Summarizer Prompt Injection

The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browse...

Exploits0References1
cve
cve
added 15 hours ago5 views

CVE-2026-11371

The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browse...

6.1CVSS6.1AI score
Exploits0References1
euvd
euvd
added 15 hours ago4 views

EUVD-2026-44870

The BetterDocs WordPress plugin before 4.5.5 does not sanitise an AI-generated documentation summary before storing and outputting it, and the feature that generates it is exposed to unauthenticated users, allowing them to store a malicious payload via prompt injection that executes in the browse...

6.1CVSS6.1AI score
Exploits0References1
cve
cve
added yesterday6 views

CVE-2026-58658

Summary. CVE-2026-58658 affects GPUStack up to version 2.2.1 and was fixed by commit 4e20551. An unauthenticated attacker can abuse unprotected /serveLogs and /debug endpoints on the worker port to disclose sensitive information and configure logs. Specifically, attackers can enumerate model inst...

8.8CVSS6.1AI score
Exploits0References3
euvd
euvd
added 3 days ago9 views

EUVD-2026-43262

A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file systemprompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion of functionality from untrusted control sphere. The attack is possible to be carried out remotely...

5.1CVSS5.4AI score0.00238EPSS
Exploits0References5
cve
cve
added 3 days ago17 views

CVE-2026-15519

The CVE-2026-15519 entry affects usestrix strix up to 1.0.2, specifically the PyPI Handler’s file system_prompt.jinja. A manipulation can cause inclusion of functionality from an untrusted control sphere. The vulnerability is exploitable remotely with network impact and a high attack complexity; ...

5.1CVSS5.4AI score0.00238EPSS
Exploits0References5
nvd
nvd
added 5 days ago7 views

CVE-2026-61447

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS0.00544EPSS
Exploits0References2
nvd
nvd
added 5 days ago6 views

CVE-2026-61439

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS0.0026EPSS
Exploits0References2
cve
cve
added 5 days ago26 views

CVE-2026-61447

PraxionAI before 1.6.78 exposes a remote code execution flaw in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandboxing. This enables prompt-injection to exfiltrate environment secrets and run arbitrary code on the host. The v...

10CVSS6.7AI score0.00544EPSS
Exploits0References2
cvelist
cvelist
added 5 days ago35 views

CVE-2026-61447 PraisonAI before 1.6.78 Remote Code Execution via CodeAgent

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS0.00544EPSS
Exploits0References2
euvd
euvd
added 5 days ago11 views

EUVD-2026-43182

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS6.7AI score0.00544EPSS
Exploits0References2
euvd
euvd
added 5 days ago6 views

EUVD-2026-43181

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attackers can inject malicious prompts through the chat interface to write files to arbitrary filesystem...

9.9CVSS6.3AI score0.00538EPSS
Exploits0References2
cve
cve
added 5 days ago22 views

CVE-2026-61445

Summary (CVE-2026-61445) PraisonAI prior to 4.6.78 exposes arbitrary file write and command execution via the AICoder component. The root cause is missing path validation and lack of command sanitization in LLM tool calls, enabling an attacker to inject malicious prompts through the chat interfac...

9.9CVSS6.3AI score0.00538EPSS
Exploits0References2
cve
cve
added 5 days ago19 views

CVE-2026-61439

Summary: CVE-2026-61439 affects PraisonAI

8.7CVSS6.1AI score0.0026EPSS
Exploits0References2
cvelist
cvelist
added 5 days ago35 views

CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS0.0026EPSS
Exploits0References2
euvd
euvd
added 5 days ago13 views

EUVD-2026-43179

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score0.0026EPSS
Exploits0References2
osv
osv
added 5 days ago2 views

CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score0.0026EPSS
Exploits0References4
ptsecurity
ptsecurity
added 5 days ago9 views

PT-2026-57440

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.78 Description A remote code execution issue exists in the CodeAgent. execute python function. The software executes Python code generated by a Large Language Model LLM without employing Abstract Syntax Tree AST...

10CVSS6.7AI score0.00544EPSS
Exploits0References10
Rows per page
Query Builder