Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

AstraLinux
AstraLinuxadded 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: rose: Fix for timer race conditions against user threads. The Rose timers only acquire the socket spinlock, without checking whether the socket is owned by a specific user thread. Add a check and reinitialize the timers i...

7CVSS6.8AI score0.00151EPSS
Exploits0References2
CNVD
CNVDadded 2026/04/20 12:0 a.m.5 views

PraisonAI SQL Injection Vulnerability

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a SQL injection vulnerability that stems from the getalluserthreads function constructing raw SQL queries using unescaped thread IDs, which can be exploited by an attacker to cause SQL injection and gai...

9.8CVSS5.7AI score0.00533EPSS
Exploits1
CVE
CVEadded 2026/04/04 1:51 p.m.16 views

CVE-2018-25250

CVE-2018-25250 affects the MyBB plugin “Last User’s Threads in Profile” version 1.2. The issue is a persistent XSS vulnerability whereby an attacker can inject malicious scripts by supplying script tags in the subject field of new threads. When users visit the attacker's profile page, the payload...

7.2CVSS5.9AI score0.00201EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2026/04/03 10:49 p.m.10 views

CVE-2026-34934

Summary: PraisonAI is affected by a second‑order SQL injection in the get_all_user_threads flow. The function builds raw SQL queries by interpolating unescaped thread IDs retrieved from the DB, enabling an attacker to inject via update_thread. When PraisonAI loads the thread list, the payload can...

9.8CVSS5.8AI score0.00533EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/03 10:49 p.m.2 views

CVE-2026-34934 PraisonAI: Second-Order SQL Injection in `get_all_user_threads`

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the getalluserthreads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via updatethread. When the application loads the thread list, t...

9.8CVSS5.9AI score0.00533EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-5216

Malicious code in bioql PyPI...

7CVSS7.2AI score0.00151EPSS
Exploits0References9
CVE
CVEadded 2025/09/04 3:32 p.m.17 views

CVE-2025-38689

CVE-2025-38689 affects the Linux kernel’s x86 FPU code. When CONFIG_X86_DEBUG_FPU is enabled, AVX-512 timestamp handling calls x86_task_fpu() without a NULL check, returning NULL for kernel threads (PF_KTHREAD) and triggering a NULL pointer dereference when reading /proc/[kthread]/arch_status. Th...

5.5CVSS6AI score0.00128EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVEadded 2025/03/14 7:0 a.m.3 views

net: rose: fix timer races against user threads

...

7CVSS7.3AI score0.00151EPSS
Exploits0
SUSE CVE
SUSE CVEadded 2025/02/28 2:22 a.m.1 views

SUSE CVE-2025-21718

In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN: slab-use-after-free...

7.8CVSS6.7AI score0.00151EPSS
Exploits0References21
Rows per page
Query Builder