CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

NVD•added 2026/05/08 2:16 p.m.•6 views

CVE-2026-44336

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

9.6CVSS0.00135EPSS

Exploits1References1

RedhatCVE•added 2026/04/30 8:48 p.m.•1 views

CVE-2026-7403

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function listrules/fetchrule of the file src/gelmcp/server.py. The manipulation of the argument rulename results in path traversal. The attack may be performed from remote. The exploit has been released to the public a...

6.9CVSS5.4AI score0.00018EPSS

Exploits0References1

Cvelist•added 2026/04/29 8:0 p.m.•22 views

CVE-2026-7403 geldata gel-mcp server.py fetch_rule path traversal

6.9CVSS0.00018EPSS

Exploits0References5

EUVD•added 2026/04/29 8:0 p.m.•2 views

EUVD-2026-26287

6.9CVSS5.4AI score0.00018EPSS

Exploits0References5

ATTACKERKB•added 2026/04/29 8:0 p.m.•1 views

CVE-2026-7403

6.9CVSS5.4AI score0.00018EPSS

Exploits0References5Affected Software1

CNNVD•added 2026/04/29 12:0 a.m.•4 views

Gel MCP server 路径遍历漏洞

The Gel MCP server is a MCP server tool developed by Gel for the Gel open-source database. Version 0.1.0 of the Gel MCP server contains a path traversal vulnerability. This vulnerability stems from improper handling of the parameter rulename in the listrules/fetchrule function located in the file...

6.9CVSS6AI score0.00018EPSS

Exploits0References1

Positive Technologies•added 2026/04/29 12:0 a.m.•2 views

PT-2026-36005

A security flaw has been discovered in geldata gel-mcp 0.1.0. This impacts the function list rules/fetch rule of the file src/gel mcp/server.py. The manipulation of the argument rule name results in path traversal. The attack may be performed from remote. The exploit has been released to the publ...

6.9CVSS5.4AI score0.00018EPSS

Exploits0References5

RedhatCVE•added 2026/02/20 7:40 p.m.•2 views

CVE-2026-23606

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Advanced Content Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$txtRuleName parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 7:40 p.m.•3 views

CVE-2026-23605

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Attachment Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 7:40 p.m.•3 views

CVE-2026-23604

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Keyword Filtering rule creation workflow. An authenticated user can supply HTML/JavaScript in the ctl00$ContentPlaceHolder1$pv1$TXBRuleName parameter to...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References1

OSV•added 2026/02/19 6:24 p.m.•1 views

CVE-2026-23606

5.4CVSS5.8AI score0.00045EPSS

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•1 views

CVE-2026-23604

5.4CVSS5.8AI score0.00045EPSS

Exploits0References2

OSV•added 2026/02/19 6:24 p.m.•1 views

CVE-2026-23605

5.4CVSS5.8AI score

Exploits0References2

NVD•added 2026/02/19 6:24 p.m.•2 views

CVE-2026-23606

5.4CVSS0.00045EPSS

Exploits0References2

Vulnrichment•added 2026/02/19 5:55 p.m.•1 views

CVE-2026-23606 GFI MailEssentials AI < 22.4 Advanced Content Filtering Rule Stored XSS

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2

Cvelist•added 2026/02/19 5:55 p.m.•18 views

CVE-2026-23606 GFI MailEssentials AI < 22.4 Advanced Content Filtering Rule Stored XSS

5.4CVSS0.00045EPSS

Exploits0References2

CVE•added 2026/02/19 5:54 p.m.•5 views

CVE-2026-23605

GFI MailEssentials AI (before 22.4) contains a stored XSS in the Attachment Filtering rule creation workflow. An authenticated user can inject HTML/JavaScript into the ctl00$ContentPlaceHolder1$pv1$TXB_RuleName parameter of /MailEssentials/pages/MailSecurity/attachmentchecking.aspx. The input is ...

5.4CVSS5.4AI score0.00045EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/19 5:54 p.m.•18 views

CVE-2026-23605 GFI MailEssentials AI < 22.4 Attachment Filtering Rule Stored XSS

5.4CVSS0.00045EPSS

Exploits0References2

Cvelist•added 2026/02/19 5:54 p.m.•18 views

CVE-2026-23604 GFI MailEssentials AI < 22.4 Keyword Filtering Rule Stored XSS

5.4CVSS0.00045EPSS

Exploits0References2

OSV•added 2025/12/23 6:19 p.m.•2 views

GHSA-C89F-8G7G-59WJ LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

Please find POC file here https://trendmicro-my.sharepoint.com/:u:/p/kholoudaltookhy/IQCfcnOE5ykQSb6Fm-HFI872AZzeIJxU-3aDk0jheXNE?e=zkN76d ZDI-CAN-28575: LibreNMS Alert Rule API Cross-Site Scripting Vulnerability -- CVSS ----------------------------------------- 4.3:...

4.3CVSS6.2AI score0.00001EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by