4 matches found
CVE-2026-39307
PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall...
CVE-2026-39307
PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall...
PYSEC-2021-9
In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method used by "startapp --template" and "startproject --template" allows directory traversal via an archive with absolute paths or relative paths with dot segments...
BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability
BP Blog 6.0 id Remote Blind SQL Injection Vulnerability JosS, Jose Luis Góngora Fernández Spanish Hackers Team www.spanish-hackers.com + Info: Software: bp blog HomePage: http://blog.betaparticle.com/ Exploit: Blind SQL Injection High Vuln file: templatepermalink.asp Vuln file2:...