1387 matches found

Vulnrichment
added 2026/04/03 10:49 p.m. | 3 views

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, t...

CVSS 9.8 | AI score 5.9 | EPSS 0.00533
Exploits: 1 | References: 1

CVE
added 2026/04/03 10:49 p.m. | 13 views

CVE-2026-34934

Summary: PraisonAI is affected by a second‑order SQL injection in the get_all_user_threads flow. The function builds raw SQL queries by interpolating unescaped thread IDs retrieved from the DB, enabling an attacker to inject via update_thread. When PraisonAI loads the thread list, the payload can...

CVSS 9.8 | AI score 5.8 | EPSS 0.00533
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/03 10:49 p.m. | 15 views

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, t...

CVSS 9.8 | EPSS 0.00533
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/03 6:47 p.m. | 4 views

CVE-2026-23460

A flaw was found in the Linux kernel's net/rose component. A local user can trigger a NULL pointer dereference by calling connect a second time while a connection attempt is already in progress. This improper handling of concurrent connection attempts can lead to a system crash, resulting in a...

AI score 5.9 | EPSS 0.00123
Exploits: 0 | References: 4

NVD
added 2026/04/03 4:16 p.m. | 6 views

CVE-2026-23460

In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect syzkaller reported a bug [1], and the reproducer is available at [2]. ROSE sockets use four sk->sk_state values: TCP_CLOSE, TCP_LISTEN, TCP_SYN_SENT, and TCP_ESTABLISHE...

CVSS 5.5 | EPSS 0.00123
Exploits: 0 | References: 8

EUVD
added 2026/04/03 3:30 p.m. | 5 views

EUVD-2026-18651

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

CVSS 8.1 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 2

OSV
added 2026/04/03 3:30 p.m. | 2 views

GHSA-P32Q-V29X-WQ9R Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

CVSS 8.1 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/03 3:30 p.m. | 7 views

Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

CVSS 8.1 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 3 | Affected Software: 1

ATTACKERKB
added 2026/04/03 3:15 p.m. | 2 views

CVE-2026-23460

In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect syzkaller reported a bug [1], and the reproducer is available at [2]. ROSE sockets use four sk->sk_state values: TCP_CLOSE, TCP_LISTEN, TCP_SYN_SENT, and TCP_ESTABLISHE...

AI score 5.7 | EPSS 0.00123
Exploits: 0 | References: 9 | Affected Software: 1

NVD
added 2026/04/03 2:16 p.m. | 5 views

CVE-2026-25773

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

CVSS 8.1 | EPSS 0.00309
Exploits: 0 | References: 1

Cvelist
added 2026/04/03 1:24 p.m. | 22 views

CVE-2026-25773 Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

CVSS 8.1 | EPSS 0.00309
Exploits: 0 | References: 1

CVE
added 2026/04/03 1:24 p.m. | 18 views

CVE-2026-25773

CVE-2026-25773 — Focalboard 8.0 Second-Order SQL Injection in category reorder: The vulnerability arises from insufficient sanitization of category IDs used in dynamic SQL during category reordering. An authenticated attacker can store a malicious SQL payload in the category ID field, which is l...

CVSS 8.1 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/04/03 1:24 p.m. | 3 views

CVE-2026-25773

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

CVSS 8.1 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/03 1:24 p.m. | 2 views

CVE-2026-25773 Focalboard Second-Order SQL Injection in category reorder endpoint allows data exfiltration (unsupported product, no fix)

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

CVSS 8.1 | AI score 5.9 | EPSS 0.00309
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/03 10:58 a.m. | 2 views

CVE-2026-29132

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails...

CVSS 7.5 | AI score 5.9 | EPSS 0.00251
Exploits: 0 | References: 1

Github Security Blog
added 2026/04/03 3:29 a.m. | 21 views

Better Auth Has Two-Factor Authentication Bypass via Premature Session Caching (session.cookieCache)

Summary: Under certain configurations, sessions may be considered valid before two-factor authentication (2FA) is fully completed. This can allow access to authenticated routes without verifying the second factor. Description: When two-factor authentication is enabled, the authentication flow...

AI score 5.9
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/04/03 2:43 a.m. | 8 views

EUVD-2026-18951

Electron: Out-of-bounds read in second-instance IPC on macOS and Linux...

CVSS 5.3 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 1

Snyk
added 2026/04/03 2:43 a.m. | 5 views

Out-of-bounds Read

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Out-of-bounds Read in the second-instance event handler when parsing a crafted second-instance message via the...

CVSS 5.8 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 2

OSV
added 2026/04/03 2:43 a.m. | 1 views

GHSA-3C8V-CFP5-9885 Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...

CVSS 5.3 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 3

Github Security Blog
added 2026/04/03 2:43 a.m. | 5 views

Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Impact On macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted second-instance message. Leaked memory could be delivered to the app's second-instance event handler. This issue is limited to processes running as the same...

CVSS 5.3 | AI score 5.9 | EPSS 0.00219
Exploits: 0 | References: 3 | Affected Software: 1