Lucene search
K

145 matches found

CVE
CVE
added 2026/05/04 2:30 a.m.29 views

CVE-2026-7723

Technical details about CVE-2026-7723 are not publicly available in the provided documents. Monitor for official updates and patches; upgrading to 3.6.14 is mentioned in the description as a fix.

7.5CVSS6.5AI score0.00421EPSS
Exploits0References8
OSV
OSV
added 2026/05/04 2:30 a.m.4 views

CVE-2026-7723 PrefectHQ prefect WebSocket Endpoint in missing authentication

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

6.9CVSS5.3AI score0.00421EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

Prefect 授权问题漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource, enabling developers to build, monitor data pipelines, and respond to changes in those pipelines. Prefect versions 3.6.13 and earlier have a vulnerability related to authorization. This vulnerability stems from an unknown...

7.5CVSS7.1AI score0.00421EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/25 4:50 p.m.123 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — Marimo Pre-Auth RCE For educational and...

9.8CVSS8AI score0.95645EPSS
Exploits11
Packet Storm
Packet Storm
added 2026/04/20 12:0 a.m.86 views

📄 dcontrol 1.0.9 Remote Screen Capture

dcontrol version 1.0.9 suffers from an unauthenticated remote screen capture vulnerability via the WebSocket endpoint at /ws. The application allows any client to connect to the WebSocket without authentication and request screenshots of the target system's display by sending a "screen" message...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/14 4:17 a.m.5 views

CVE-2026-40289

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS0.00356EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/14 3:5 a.m.10 views

CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS5.8AI score0.00356EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/14 3:5 a.m.26 views

CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS0.00356EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 3:5 a.m.2 views

CVE-2026-40289

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS5.8AI score0.00356EPSS
Exploits1References2Affected Software2
GithubExploit
GithubExploit
added 2026/04/13 6:6 p.m.144 views

Exploit for CVE-2026-39987

markdown CVE-2026-39987 - Marimo Este script es SOLO para f...

9.3CVSS5.9AI score0.95645EPSS
Exploits11
Veracode
Veracode
added 2026/04/11 5:35 a.m.12 views

Missing Authentication For Critical Function

marimo is vulnerable to Missing Authentication For Critical Function. The vulnerability is due to missing authentication validation in the /terminal/ws WebSocket endpoint, which allows an attacker to establish a shell and execute arbitrary system commands without authentication...

9.8CVSS8.1AI score0.95645EPSS
Exploits11References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 9:20 p.m.3 views

CVE-2026-40116 PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...

7.5CVSS5.8AI score0.00372EPSS
Exploits1References1
CVE
CVE
added 2026/04/09 9:20 p.m.23 views

CVE-2026-40116

CVE-2026-40116 affects PraisonAI prior to 4.5.128: the /media-stream WebSocket endpoint accepted unauthenticated connections and bypassed Twilio validation, proxying each connection to OpenAI’s Realtime API using the server key with no concurrency/rate/size limits. This could allow an unauthentic...

7.5CVSS5.9AI score0.00372EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 5:16 p.m.4 views

CVE-2026-39987 marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.95645EPSS
Exploits11References3
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

marimo 访问控制错误漏洞

Marimo is an open-source interactive Python notebook that supports reactive programming and SQL queries. Versions of Marimo prior to 0.23.0 contained a access control vulnerability. This vulnerability stemmed from the lack of authentication for the terminal WebSocket endpoint, allowing...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References4
Snyk
Snyk
added 2026/04/08 9:50 p.m.3 views

Missing Authentication for Critical Function

Overview marimo is an A library for making reactive notebooks and apps Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the terminal/ws WebSocket endpoint, which lacks authentication validation. An unauthenticated attacker can gain unauthorized...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References2
Github Security Blog
Github Security Blog
added 2026/04/08 9:50 p.m.17 views

Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...

9.8CVSS6.2AI score0.95645EPSS
Exploits11References8Affected Software1
OSV
OSV
added 2026/04/08 9:50 p.m.3 views

GHSA-2679-6MX9-H9XC Marimo: Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

Summary Marimo 19.6k stars has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints e.g., /ws that correct...

9.8CVSS6.1AI score0.95645EPSS
Exploits11References8
RedhatCVE
RedhatCVE
added 2026/04/07 10:51 a.m.16 views

CVE-2026-5631

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

7.5CVSS5.5AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 9:31 a.m.3 views

EUVD-2026-19186

A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extractcommanddata of the file backend/server/serverutils.py of the component ws Endpoint. Such manipulation of the argument args leads to code injection. The attack may be performed from remote. T...

7.5CVSS6.7AI score0.00311EPSS
Exploits0References6
Rows per page
Query Builder