Lucene search
K

8 matches found

NVD
NVD
added 2026/06/02 8:16 p.m.12 views

CVE-2026-40181

React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact...

8.7CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 1:35 p.m.40 views

CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS0.26799EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.22 views

PT-2026-39003

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.34 Description The Model Context Protocol MCP server in PraisonAI contains a path traversal flaw in its file-handling tools. The server registers four tools by default: 'praisonai.rules.create',...

9.6CVSS6.3AI score0.00619EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.17 views

PT-2026-39005

Name of the Vulnerable Software and Affected Versions PraisonAI versions 2.5.6 through 4.6.33 Description PraisonAI ships a legacy Flask API server that has authentication disabled by default due to hard-coded AUTH ENABLED = False and AUTH TOKEN = None variables in the api server.py file. This...

7.5CVSS6AI score0.26799EPSS
Exploits3References65
Snyk
Snyk
added 2024/01/09 6:25 p.m.4 views

Authorization Bypass

Overview Microsoft.IdentityModel.Protocols.SignedHttpRequest is a package that includes types that provide support for the SignedHttpRequest protocol Affected versions of this package are vulnerable to Authorization Bypass via the SignedHttpRequest protocol or the SignedHttpRequestValidator. The...

8.8CVSS6.8AI score0.02214EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.3 views

SUSE CVE-2017-3257

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS8AI score0.0257EPSS
Exploits0References15
RedHat Linux
RedHat Linux
added 2017/10/12 7:53 a.m.4 views

mysql: Server: InnoDB unspecified vulnerability (CPU Jan 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS7.2AI score0.0257EPSS
Exploits0References5
OSV
OSV
added 2017/01/27 10:59 p.m.2 views

ALPINE-CVE-2017-3257

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: InnoDB. Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

6.5CVSS6.2AI score0.0257EPSS
Exploits0References1
Rows per page
Query Builder