Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2026/04/06 10:57 a.m.5 views

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS5.9AI score0.00533EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/04/03 10:49 p.m.2 views

CVE-2026-34934

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS5.8AI score0.00533EPSS
Exploits1References2Affected Software1
cve
cve
added 2026/04/03 10:49 p.m.18 views

CVE-2026-34934

Summary: PraisonAI is affected by a second‑order SQL injection in the get_all_user_threads flow. The function builds raw SQL queries by interpolating unescaped thread IDs retrieved from the DB, enabling an attacker to inject via update_thread. When PraisonAI loads the thread list, the payload can...

9.8CVSS5.8AI score0.00533EPSS
Exploits1References1Affected Software1
snyk
snyk
added 2026/01/01 6:28 a.m.6 views

Directory Traversal

Overview chainlit is a Build Conversational AI. Affected versions of this package are vulnerable to Directory Traversal via the updatethreadelement and deletethreadelement handlers in backend/chainlit/server.py. An authenticated attacker can read arbitrary files from the server by sending a craft...

7.1CVSS6.5AI score0.08843EPSS
Exploits1References3
osv
osv
added 2019/09/25 8:18 a.m.6 views

OPENSUSE-SU-2019:2184-1 Security update for varnish

This update for varnish fixes the following issues: Security issue fixed: - CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests boo1149382. Non-security issues fixed: - Updated the package to release 6.2.1. - Added a thread pool watchdog which will restart the...

7.8CVSS7.4AI score0.05789EPSS
Exploits0References3
Rows per page
Query Builder