Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/18 10:12 p.m.8 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

6.8CVSS5.3AI score0.00116EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 8:37 p.m.14 views

MAL-2026-4758 Malicious code in nebulix-ai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ea83117b0ae362a2b55ad581d69b3600c81b78d2e90c19bb1ea9eea2266a4c The package's documented NebulixEngine.chat API hardcodes two Firebase Realtime Database URLs owned by the author...

5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 4:46 p.m.30 views

CVE-2026-40569 FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...

9CVSS0.00296EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 4:46 p.m.5 views

CVE-2026-40569 FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...

9CVSS5.8AI score0.00296EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 4:46 p.m.21 views

CVE-2026-40569

Vulnerability summary (CVE-2026-40569): FreeScout (self-hosted help desk) versions prior to 1.8.213 suffer a mass assignment flaw in the mailbox connection settings endpoints (connectionIncomingSave and connectionOutgoingSave). The code passes $request->all() directly to $mailbox->fill() wi...

9CVSS5.8AI score0.00296EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/08 7:35 p.m.7 views

Malicious code in aioutil3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0 This is a malicious clone of legitimate python-utils. The modified code introduces a function that silently exfiltrates given data to a hardcoded location. Wha...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/03/08 7:35 p.m.4 views

MAL-2026-1289 Malicious code in aioutil3 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cb06e8bed4bc80c83b203abcee07556086a0c41f2b52d72d4a3b3740ddfa95d0 This is a malicious clone of legitimate python-utils. The modified code introduces a function that silently exfiltrates given data to a hardcoded location. Wha...

5.9AI score
Exploits0References1
Rows per page
Query Builder