Lucene search
+L

25938 matches found

EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44643

PraisonAI before 4.6.78 contains a remote code execution vulnerability in JobWorkflowExecutor.execinlinepython due to insufficient AST validation of workflow script steps. Attackers can create malicious YAML workflow files with import os statements followed by os.system calls that bypass sandbox...

7.3CVSS6.6AI score0.00202EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44636

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...

8.7CVSS6.3AI score0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-60085 PraisonAI before 4.6.78 Unenforced Security Policy in Subprocess Sandbox

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...

8.7CVSS0.00241EPSS
Exploits0References2
OSV
OSV
added 3 days ago4 views

CVE-2026-60085 PraisonAI before 4.6.78 Unenforced Security Policy in Subprocess Sandbox

PraisonAI before 4.6.78 contains an unenforced security policy vulnerability in the default Subprocess Sandbox backend where blockedcommands, blockedpaths, blockedimports, allowsubprocess, and allowfilewrite restrictions are completely ignored. Attackers can execute arbitrary subprocess commands,...

8.7CVSS6.3AI score0.00241EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago5 views

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Networking component...

9.6CVSS6AI score0.00393EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago5 views

firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...

4.7CVSS6AI score0.00175EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago5 views

firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Security: Process Sandboxing component...

9.6CVSS6AI score0.00393EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago6 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.6CVSS6.1AI score0.00476EPSS
Exploits0References30
RedHat Linux
RedHat Linux
added 3 days ago5 views

firefox: thunderbird: Sandbox escape in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Workers component...

9.6CVSS6AI score0.00363EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago5 views

firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...

4.7CVSS6AI score0.00185EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 3 days ago8 views

firefox: thunderbird: Sandbox escape in the DOM: Navigation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...

9.6CVSS6AI score0.00393EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

RHEL 8 : thunderbird (RHSA-2026:39428)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:39428 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers...

9.6CVSS6.2AI score0.00476EPSS
Exploits0References60
Tenable Nessus
Tenable Nessus
added 3 days ago8 views

Google Chrome < 150.0.7871.124 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 150.0.7871.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 202607stable-channel-update-for-desktop0353146366 advisory. - Use after free in UI in Google Chrome on Linux prior to...

9.6CVSS6.2AI score0.00328EPSS
Exploits0References31
Tenable Nessus
Tenable Nessus
added 3 days ago8 views

RHEL 9 : thunderbird (RHSA-2026:39706)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:39706 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape in the DOM: Workers...

9.6CVSS6.2AI score0.00476EPSS
Exploits0References60
OSV
OSV
added 4 days ago4 views

DEBIAN-CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

8.2CVSS0.00362EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-48807

Twig is a template language for PHP. Prior to 3.27.0, the sandbox toString checks do not fully cover Traversable values passed to join and replace filters or operands evaluated by the in and not in operators, allowing contained Stringable objects to be coerced to strings without consulting the...

9.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-48808

Twig is a template language for PHP. Prior to 3.27.0, the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension::checkPropertyAllowed, so SourcePolicyInterface decisions are lost and a template author can read public or magic...

7.5CVSS0.00239EPSS
Exploits0References3
NVD
NVD
added 4 days ago8 views

CVE-2026-48805

Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current sandbox state to CoreExtension::checkArrow, arraySome, and arrayEvery, allowing legacy calls such as twigarraysome, twigarrayevery, and twigcheckarrowinsandbox t...

9.1CVSS0.0027EPSS
Exploits0References3
NVD
NVD
added 4 days ago9 views

CVE-2026-48806

Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...

9.1CVSS0.00234EPSS
Exploits0References3
Rows per page
Query Builder