Lucene search
+L

1393 matches found

Github Security Blog
Github Security Blog
added 2026/04/15 7:46 p.m.23 views

Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf

Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.3.RELEASE. Although the library provides mechanisms to prevent expression injection, it fails to properly neutralize specific syntax patterns that allow for the execution of...

9CVSS5.9AI score0.00776EPSS
Exploits0References3Affected Software3
Github Security Blog
Github Security Blog
added 2026/04/15 7:46 p.m.10 views

Improper restriction of the scope of accessible objects in Thymeleaf expressions

Impact A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.3.RELEASE. Although the library provides mechanisms to prevent expression injection, it fails to properly restrict the scope of accessible objects, allowing specific potential...

9CVSS5.9AI score0.00862EPSS
Exploits0References3Affected Software3
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33215

Name of the Vulnerable Software and Affected Versions Thymeleaf versions prior to 3.1.4.RELEASE Description A security bypass exists in the expression execution mechanisms. The library fails to properly neutralize specific syntax patterns, which allows for the execution of unauthorized expression...

9CVSS6.2AI score0.00776EPSS
Exploits0References21
Github Security Blog
Github Security Blog
added 2026/04/10 7:28 p.m.7 views

PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API

Summary The /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthenticated attacker can use this to make the server...

10CVSS6.2AI score0.0028EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/10 7:28 p.m.2 views

GHSA-8FRJ-8Q3M-XHGM PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API

Summary The /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthenticated attacker can use this to make the server...

7.2CVSS6.2AI score0.0028EPSS
Exploits1References4
OSV
OSV
added 2026/04/10 7:24 p.m.2 views

GHSA-7J2F-XC8P-FJMQ PraisonAIAgents: Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary

Summary The listfiles tool in FileTools validates the directory parameter against workspace boundaries via validatepath, but passes the pattern parameter directly to Path.glob without any validation. Since Python's Path.glob supports .. path segments, an attacker can use relative path traversal i...

5.3CVSS5.9AI score0.00311EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.8 views

PT-2026-33210

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.4 Description The '/api/av/removeUnusedAttributeView' endpoint constructs a filesystem path using the user-controlled id parameter without validation or path boundary enforcement. This allows an attacker to inject...

8.5CVSS5.9AI score0.00287EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.11 views

FastGPT 代码问题漏洞

FastGPT is an open-source knowledge base question-answering system based on large language models, developed by Labring. Versions of FastGPT prior to 4.14.10.3 contained code vulnerabilities. These vulnerabilities stemmed from the unvalidated acceptance of any URL via the...

5.3CVSS5.9AI score0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 9:18 p.m.4 views

CVE-2026-40114 PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...

7.2CVSS6AI score0.0028EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/09 6:31 p.m.13 views

EUVD-2025-209390

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

5.9AI score0.00227EPSS
Exploits1References3
NVD
NVD
added 2026/04/08 3:16 p.m.8 views

CVE-2026-39394

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

9.8CVSS0.00516EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:0 a.m.9 views

CVE-2026-31040

A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-file content can lead to command execution...

5.9AI score0.00557EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/07 6:31 p.m.4 views

EUVD-2026-19814

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.4AI score0.142EPSS
Exploits4References3
NVD
NVD
added 2026/04/06 10:16 p.m.4 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS0.00186EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 9:13 p.m.16 views

CVE-2026-35474 WeGIA - Open Redirect - atualizacao redirection - Unvalidated $_GET['redirect']

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS0.00183EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 9:12 p.m.3 views

CVE-2026-35473 WeGIA - Open Redirect - IentradaControle - listarId() - Unvalidated $_GET['nextPage']

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. T...

5.1CVSS6AI score0.00183EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 9:5 p.m.4 views

CVE-2026-35472 WeGIA - Open Redirect - EstoqueControle - listarTodos() - Unvalidated $_GET['nextPage']

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...

5.1CVSS6.1AI score0.00224EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/04/05 12:0 a.m.11 views

VulnCheck KEV: CVE-2025-59528

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided...

10CVSS6.1AI score0.90183EPSS
In wildExploits21References12
NVD
NVD
added 2026/04/03 11:17 p.m.13 views

CVE-2026-34935

PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split and forwarded through the call chain to anyio.openprocess with no validation, allowlist check, or sanitization at any hop, allowing arbitrary OS command...

9.8CVSS0.00824EPSS
Exploits1References2
CVE
CVE
added 2026/04/03 10:52 p.m.16 views

CVE-2026-34939

PraisonAI is vulnerable to a Regular Expression Denial of Service (ReDoS) through MCPToolIndex.search_tools(), where the function compiles a caller-supplied string directly into a Python regex with no validation or timeout. A crafted pattern can trigger catastrophic backtracking, blocking the Pyt...

7.5CVSS5.8AI score0.00402EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder