Lucene search
K

31 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-477 PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

9.8CVSS6.2AI score0.00609EPSS
Exploits1References6
CVE
CVE
added 2026/06/19 11:49 a.m.25 views

CVE-2026-53915

CVE-2026-53915 : In JetBrains GoLand prior to 2026.1.3, remote code execution is possible through untrusted project configuration. According to CVSS 3.1 data, the vulnerability has a base score of 7.1 (HIGH) with network attack vector, no privileges required, user interaction required, and both c...

8.8CVSS6.5AI score0.00253EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/12 9:0 a.m.8 views

EUVD-2026-36400

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

8.1CVSS5.7AI score0.00646EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-48851

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

5.7AI score0.00646EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.12 views

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6AI score0.00123EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 2:16 p.m.18 views

CVE-2026-5241

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

9.6CVSS0.00519EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/03 1:26 p.m.11 views

EUVD-2022-55998

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:33 p.m.13 views

EUVD-2026-34084

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trustremotecode parameter, intended to prevent remote code execution, is...

8CVSS7.9AI score0.00519EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/26 1:30 p.m.4 views

Apache CXF: Untrusted JMS configuration can lead to RCE

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00739EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:17 p.m.6 views

CVE-2026-44417

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00739EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/22 12:17 p.m.16 views

EUVD-2026-31432

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

9.8CVSS7.5AI score0.00739EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 11:22 a.m.52 views

CVE-2026-45205 Apache Commons Configuration: StackOverflowError for YAML input with cycles

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

0.00487EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 11:22 a.m.10 views

EUVD-2026-30267

Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration file, Commons Configuration will throw a StackOverflowError for YAML input with cycles. This issue affects Apache Commons: from 2.2 before 2.15.0. Users are recommended to upgrade to version 2.15.0,...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-40906

Name of the Vulnerable Software and Affected Versions Apache Commons versions 2.2 through 2.14.x Description An uncontrolled recursion issue exists when processing untrusted configuration files. Specifically, the software throws a StackOverflowError—a runtime error that occurs when the call stack...

5.3CVSS5.8AI score0.00487EPSS
Exploits0References25
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.11 views

PraisonAI 代码注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.139 and praisonaiagents prior to 1.5.140 contained a code injection vulnerability. This vulnerability stemmed from the workflow engine processing untrusted YAML files, which...

9.8CVSS6AI score0.00609EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/19 8:44 p.m.4 views

Cross-site Scripting (XSS)

Overview pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplying a malicious...

6.1CVSS5.8AI score0.00319EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/30 11:45 p.m.6 views

EUVD-2025-205849

theshit vulnerable to unsafe loading of user-owned Python rules when running as root...

6.7CVSS6.5AI score0.0012EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/04 11:9 p.m.5 views

CVE-2025-64109 Cursor CLI Beta: Command Injection via Untrusted MCP Configuration

Cursor is a code editor built for programming with AI. In versions and below, a vulnerability in the Cursor CLI Beta allowed an attacker to achieve remote code execution through the MCP Model Context Protocol server mechanism by uploading a malicious MCP configuration in .cursor/mcp.json file in ...

8.8CVSS7.8AI score0.00471EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/01/27 9:30 a.m.15 views

Apache Solr vulnerable to Execution with Unnecessary Privileges

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...

5.5CVSS7.4AI score0.01136EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.5 views

PT-2024-11959 · Drtm +2 · Drtm +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves improper re-initialization of IOMMU during the DRTM event, which may permit an untrusted platform configuration to persist. This coul...

10CVSS6AI score0.00299EPSS
Exploits0References10
Rows per page
Query Builder