Lucene search
K

5 matches found

OSV
OSV
added 4 days ago2 views

CVE-2026-61439 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the block threshold defaults to CRITICAL severity, allowing HIGH-level threats to pass through unblocked. Attackers can submit single-vector prompt injection attacks such as instruction overrides or financi...

8.7CVSS6.1AI score0.0026EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/18 2:26 p.m.6 views

Incorrect Authorization

Overview praisonai is a PraisonAI TypeScript AI Agents Framework - Node.js, npm, and Javascript AI Agents Framework Affected versions of this package are vulnerable to Incorrect Authorization due to the approval callback onToolCall being invoked only after the execution of tools in the AgentLoop...

8.8CVSS5.9AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

5.9CVSS5.9AI score0.00255EPSS
Exploits1References1
Snyk
Snyk
added 2025/09/11 11:26 p.m.5 views

Origin Validation Error

Overview mcp-neo4j-cypher is an A simple Neo4j MCP server Affected versions of this package are vulnerable to Origin Validation Error via the lack of proper origin validation in the server's request handling. An attacker can execute unauthorized tool invocations against locally running instances ...

7.4CVSS6.8AI score0.00206EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/01/09 11:55 a.m.8 views

Product Walkthrough: How Reco Discovers Shadow AI in SaaS

As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI. Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist wit...

6AI score
Exploits0
Rows per page
Query Builder