Lucene search

366763 matches found

CVE | added 2026/05/29 11:01 p.m. | 30 views

CVE-2026-47416

The connected GitHub advisory details a workspace‑privilege escalation in praisonai-platform. A member can exploit PATCH /workspaces/{workspace_id}/members/{user_id} to set their own role to a higher level (e.g., “owner”) because the route uses a default min_role of “member” in the dependency and...

EPSS: 0.00032 | Exploits: 0

CVE | added 2026/05/29 10:57 p.m. | 18 views

CVE-2026-47409

CVE-2026-47409 is expanded by a connected advisory on praisonai-platform: the DELETE /workspaces/{workspace_id}/members/{user_id} endpoint lacks caller-permission checks and owner-protection, allowing a member to delete the workspace owner and lock them out. Root cause: MemberService.remove(...) ...

EPSS: 0.00041 | Exploits: 0

CVE | added 2026/05/29 10:51 p.m. | 21 views

CVE-2026-47414

The connected advisory identifies a cross-workspace IDOR in praisonai-platform: label endpoints allow operations on labels and issue-label associations without validating workspace_id against the target workspace. Root cause: LabelService.get, update, delete, add_to_issue, remove_from_issue, and ...

EPSS: 0.00038 | Exploits: 0

CVE | added 2026/05/29 10:45 p.m. | 17 views

CVE-2026-47406

Summary: The connected advisory for praisonai-platform reveals a cross-workspace IDOR in dependency endpoints. The routes POST /workspaces/{workspace_id}/issues/{issue_id}/dependencies, GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies, and DELETE /workspaces/{workspace_id}/issues/{is...

EPSS: 0.00032 | Exploits: 0

CVE | added 2026/05/29 10:42 p.m. | 26 views

CVE-2026-47410

The connected advisory for praisonai-platform (GHSA-3QG8-5G3R-79V5) discloses a concrete insecure default JWT secret flaw in auth_service.py. The code sets JWT_SECRET to the public default _DEFAULT_SECRET = "dev-secret-change-me" unless PLATFORM_JWT_SECRET is provided, and only raises in producti...

EPSS: 0.00054 | Exploits: 0

CVE | added 2026/05/29 10:42 p.m. | 18 views

CVE-2026-47405

The connected advisory describes a privilege-escalation in PraisonAI Platform RBAC. A missing authorization check on workspace-management routes (patch/delete workspace, and member management endpoints) allows any authenticated workspace member (min_role default: member) to self-promote, grant ow...

EPSS: 0.00063 | Exploits: 0

CVE | added 2026/05/29 10:35 p.m. | 18 views

CVE-2026-47399

Summary (CVE-2026-47399 context): PraisonAI Platform suffers a systemic object-level access control flaw where workspace membership is checked at the URL level, but the service layer resolves objects by global UUID without validating ownership. This allows an authenticated user from one workspace...

EPSS: 0.00044 | Exploits: 0

CVE | added 2026/05/29 10:34 p.m. | 20 views

CVE-2026-47407

The connected GHSA advisory describes a cross-tenant IDOR and member-role escalation in PraisonAI Platform. The auth dependency only validates membership of the URL prefix workspace_id, while inner resource lookups (agents, issues, projects, labels, dependencies) are performed by primary key with...

EPSS: 0.00043 | Exploits: 0

CVE | added 2026/05/29 10:34 p.m. | 17 views

CVE-2026-47408

The connected advisory describes an insecure direct object reference in praisonai-platform: the endpoint GET /workspaces/{workspace_id}/issues/{issue_id}/activity fails to verify the workspace-scoping before listing issue activity. The route list_issue_activity calls ActivityService.list_for_issu...

EPSS: 0.00032 | Exploits: 0

CVE | added 2026/05/29 10:32 p.m. | 18 views

CVE-2026-48169

CVE-2026-48169 (connections: GHSA-GV23-XRM3-8C62) describes multiple security gaps in the PraisonAI Platform API. The core issue is cross-workspace access: route-layer workspace_id checks exist, but service-layer reads (get/update/delete) use global lookups not filtered by workspace, enabling cro...

EPSS: 0.00044 | Exploits: 0

CVE | added 2026/05/29 10:31 p.m. | 23 views

CVE-2026-47397

CVE-2026-47397 has concrete details in the connected advisory: PraisonAI <= 4.6.37 contains an Arbitrary File Write in its Python API. The root cause is in code/tools/write_file.py where path validation is skipped when workspace=None (validation is bypassed because workspace is always None in ...

EPSS: 0.00051 | Exploits: 0

CVE | added 2026/05/29 10:31 p.m. | 31 views

CVE-2026-47391

Summary of CVE-2026-47391 context (with connected evidence): The PraisonAI A2A first‑party example exposes an unauthenticated JSON‑RPC endpoint (/a2a) when bound to 0.0.0.0 and without an auth_token, and registers a calculate(expression) tool implemented via Python eval. An unauthenticated remote...

EPSS: 0.00084 | Exploits: 0

CVE | added 2026/05/29 10:30 p.m. | 16 views

CVE-2026-47394

CVE-2026-47394 is a reserved candidate; connected advisories describe an unauthenticated read vulnerability in PraisonAI’s MCP server dispatch, where JSON arguments to handlers are invoked as kwargs without input validation. Concrete details in the GitHub advisory GHSA-9CR9-25Q5-8PRJ show that wo...

EPSS: 0.00075 | Exploits: 0

CVE | added 2026/05/29 10:30 p.m. | 29 views

CVE-2026-47392

PraisonAI: a sandbox escape via a print.self leak in execute_code (subprocess mode) of the PraisonAI agents enables arbitrary OS command execution on the host. Root cause: multiple gaps in AST-based validation, including missing self in blocked attributes, unblocked builtins (vars), a...

EPSS: 0.0012 | Exploits: 0

CVE | added 2026/05/29 10:29 p.m. | 20 views

CVE-2026-47395

The PraisonAI direct-prompt CLI vulnerability (CVE-2026-47395) arises from the MentionsParser URL handling (@url:...), which makes an unrestricted HTTP request to the attacker-controlled URL. The issue allows local SSRF/local content disclosure by fetching loopback or private-network resourc...

EPSS: 0.00014 | Exploits: 0

CVE | added 2026/05/29 10:29 p.m. | 24 views

CVE-2026-47393

The CVE-2026-47393 entry is linked to PraisonAI issues around CVE-2026-44338: PraisonAI 4.6.33 generates a Flask API server via the deploy --type api generator with authentication disabled by default. The vulnerable artifact is praisonai==4.6.33, whose defaults set auth_enabled to False and auth_toke...

EPSS: 0.0008 | Exploits: 0

CVE | added 2026/05/29 10:27 p.m. | 25 views

CVE-2026-47396

The connected GHSA advisory details a concrete vulnerability in PraisonAI's call server: when CALL_SERVER_TOKEN is unset, authentication is disabled (verify_token() returns success), exposing sensitive agent-control endpoints on all interfaces. Affected: the router praisonai.api.agent_invoke (pat...

EPSS: 0.00075 | Exploits: 0

CVE | added 2026/05/29 10:27 p.m. | 20 views

CVE-2026-47390

The connected GHSA advisory for PraisonAI spider_tools documents a SSRF protection bypass in spider_tools.py. The URL validator blocks only exact host strings (e.g., localhost, 127.0.0.1) and does not normalize or fully validate after DNS resolution, allowing alternate loopback representations (l...

EPSS: 0.00014 | Exploits: 0

CVE | added 2026/05/29 10:26 p.m. | 16 views

CVE-2026-47398

CVE-2026-47398 has no description in the initial document, but the connected document GHSA-78R8-WWQV-R299 details a concrete RCE in PraisonAI: two unguarded spec.loader.exec_module call sites in praisonai/agents_generator.py (load_tools_from_module and load_tools_from_module_class) that execute modul...

EPSS: 0.00102 | Exploits: 0

CVE | added 2026/05/29 10:09 p.m. | 17 views

CVE-2026-47233

CVE-2026-47233 (CVE entry reserved) is linked to a GitHub advisory for Admidio: an authenticated, non-admin user can delete inventory fields via mode=field_delete due to missing admin-right checks (only CSRF validation is performed). The vulnerability affects the inventory_field deletion path: field_...

EPSS: 0.00029 | Exploits: 0

CVE | added 2026/05/29 10:07 p.m. | 16 views

CVE-2026-47234

The connected GHSA advisory details a vulnerability in Admidio (v5.0.9) where debug logging writes raw cookie values for ADM...AUTO_LOGIN_ID and ADM...SESSION_ID via Set Cookie and Session Started logs. This exposes session tokens and auto-login credentials in logs, enabling potential credential ...

EPSS: 0.00015 | Exploits: 0

CVE | added 2026/05/29 10:07 p.m. | 18 views

CVE-2026-47232

The connected advisory shows a concrete issue in Admidio v5.0.9: the sensitive export route in modules/sso/keys.php (case 'export') allows exporting a private key and certificate as a PKCS#12 bundle without CSRF protection. The code comments out the CSRF check, so an attacker-controlled page can ...

EPSS: 0.00009 | Exploits: 0

CVE | added 2026/05/29 10:06 p.m. | 14 views

CVE-2026-47231

The GHSA advisory details an IDOR in Admidio’s documents-files.php, where the move_save handler validates only the destination folder’s rights and not the source folder containing the file. Specifically, it loads a file by UUID and moves it to a destination folder after only checking the destinat...

EPSS: 0.00032 | Exploits: 0

CVE | added 2026/05/29 10:05 p.m. | 10 views

CVE-2026-47230

The connected GitHub advisory describes an IDOR in Admidio: the top-level rights check in modules/documents-files.php validates folder_uuid, but file_rename actions operate on file_uuid without re-verifying the file’s parent folder. renameFile() uses getFileForDownload() (read rights only) and pr...

EPSS: 0.00029 | Exploits: 0

CVE | added 2026/05/29 10:01 p.m. | 18 views

CVE-2026-47229

CVE-2026-47229 / GHSA-XG76-5QJ2-2HHV (Admidio): A CSRF weakness in the SSO client enable workflow allows an authenticated admin to toggle SAML/OIDC client enabled state via a GET request (no CSRF token) in modules/sso/clients.php. The vulnerable path sets the smc_enabled/ocl_enabled flag and per...

EPSS: 0.00016 | Exploits: 0

CVE | added 2026/05/29 9:58 p.m. | 15 views

CVE-2026-47228

Summary (CVE-2026-47228 / Admidio): The GitHub advisory details a CSRF flaw in Admidio’s modules/registration.php when mode=send_login is used. The code path regenerates a user’s password via User::sendNewPassword() and emails the plaintext to the target user without validating a CSRF token and,...

EPSS: 0.00015 | Exploits: 0

CVE | added 2026/05/29 9:57 p.m. | 12 views

CVE-2026-47227

The CVE is linked to GHSA-RWJR-QJJ3-MQ2F describing a cross‑module category permission bug in Admidio. Due to dead code (checking mode vs. type) and missing per‑record authorization, an administrator for one module can delete/reorder/rename categories owned by other modules via modules/categories...

EPSS: 0.00029 | Exploits: 0

CVE | added 2026/05/29 9:54 p.m. | 26 views

CVE-2026-47226

This CVE-2026-47226 entry relates to Admidio (v5.0.9) where an authenticated user with upload rights on any one folder can delete files from other folders where they only have view rights. Root cause: the authorization check uses attacker-controlled folder_uuid when performing file_delete, and th...

EPSS: 0.00025 | Exploits: 0

CVE | added 2026/05/29 9:22 p.m. | 19 views

CVE-2026-47211

CVE-2026-47211 / GHSA-C4M7-2GWP-VW76: The Ouroboros advisory details a remote code execution (RCE) vulnerability caused by loading environment variables from the current working directory’s .env file. Specifically, untrusted project-local overrides such as OUROBOROS_CLI_PATH and OPENCODE_CLI_PAT...

EPSS: 0.00557 | Exploits: 0

CVE | added 2026/05/29 9:19 p.m. | 43 views

CVE-2026-9831

The CVE-2026-9831 entry describes a race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path. Under high-concurrency traffic, requests authenticated with an Extreme Platform ONE /IAM API key could intermittently return data for a different tenant, indicating cross...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00172 | Exploits: 0 | References: 1

CVE | added 2026/05/29 8:21 p.m. | 15 views

CVE-2026-47695

CC-Tweaked contains an SSRF bypass vulnerability where an attacker who can run Lua can reach internal IPv4 services through NAT64 by abusing the IPv6 NAT64 prefix 64:ff9b::/96. The HTTP API by design filters private ranges but fails to recognize NAT64 addresses, causing http.request/http.websocke...

EPSS: 0.00054 | Exploits: 0

CVE | added 2026/05/29 8:18 p.m. | 17 views

CVE-2026-47184

The CVE entry CVE-2026-47184 is associated with a GitHub Advisory for zeroconf. A memory-exhaustion vulnerability exists in zeroconf’s DNS cache: unbounded caching of every response into cache, _expirations, _expire_heap, and service_cache with no cap, allowing a LAN-local attacker to flood multi...

EPSS: 0.00023 | Exploits: 0

CVE | added 2026/05/29 8:13 p.m. | 18 views

CVE-2026-47183

The CVE-2026-47183 entry corresponds to a memory exhaustion issue in the zeroconf Python package (python-zeroconf/zeroconf) caused by unbounded exception-dedup state stored from mDNS name-decoding paths. An unauthenticated, LAN-local attacker can drive memory growth by sending crafted packets to ...

EPSS: 0.0002 | Exploits: 0

CVE | added 2026/05/29 8:09 p.m. | 17 views

CVE-2026-47180

CVE-2026-47180 corresponds to a zeroconf issue (GHSA-9PGC-3CCV-5297) involving an unbounded recursion in the DNS compression-pointer decoder for mDNS. The vulnerability allows any unauthenticated host on the local link (UDP/5353, 224.0.0.251 / ff02::fb) to degrade the mDNS listener, causing high ...

EPSS: 0.0002 | Exploits: 0

CVE | added 2026/05/29 7:58 p.m. | 26 views

CVE-2026-46385

Summary (CVE-2026-46385): iskorotkov/avro’s Go Avro decoder can trigger remote, unauthenticated CPU exhaustion by looping up to math.MaxInt64 iterations when decoding large attacker-controlled block counts, because inner loops did not check the reader’s error state after each decode. Affected: git...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00292 | Exploits: 0 | References: 1

CVE | added 2026/05/29 7:58 p.m. | 28 views

CVE-2026-46384

CVE-2026-46384 affects iskorotkov/avro (Go) prior to v2.33.0. The root causes are integer overflow and narrowing in Avro decoding paths, including: ReadBlockHeader narrowing on 32-bit targets; cumulative size overflow in arrayDecoder.Decode / mapDecoder.Decode / mapDecoderUnmarshaler.Decode; MinI...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.0031 | Exploits: 0 | References: 1

CVE | added 2026/05/29 7:55 p.m. | 179 views

CVE-2026-45149

The CVE-2026-45149 issue affects the brace-expansion library (Julian Gruber) where the max option was applied too late for 5.0.0–5.0.5. When expanding a large numeric range (e.g., {1..10000000}), the code builds all intermediate elements before enforcing max, allocating about 505 MB and taking ~8...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00278 | Exploits: 0 | References: 1 | Affected software: 1

CVE | added 2026/05/29 7:52 p.m. | 18 views

CVE-2026-45294

FreeScout (PHP/Laravel) before version 1.8.219 is vulnerable. The password reset endpoint returns visually distinct responses based on whether the submitted email belongs to an existing user, enabling unauthenticated enumeration of valid helpdesk agent email addresses. Root cause: inadequate obfu...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.0021 | Exploits: 0 | References: 1

CVE | added 2026/05/29 7:51 p.m. | 15 views

CVE-2026-47123

FreeScout (PHP/Laravel) prior to 1.8.220 is affected. The FetchEmails command has two paths to identify agent replies via In-Reply-To / References headers. The notification path (notify-{thread_id}-{user_id}-…) derives thread_id and user_id from Message-ID without HMAC verification, enabling an e...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00145 | Exploits: 0 | References: 3

CVE | added 2026/05/29 7:49 p.m. | 42 views

CVE-2026-48557

The CVE affects Spatie Laravel Media Library prior to 11.23.0. In FileAdder::defaultSanitizer(), the file upload filter only checks the final filename suffix, allowing double-extension names like shell.php.jpg to bypass the blocklist, since inner .php stems are preserved by pathinfo(). The blockl...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.0044 | Exploits: 0 | References: 4

CVE | added 2026/05/29 7:48 p.m. | 23 views

CVE-2026-48810

FreeScout (Laravel PHP) contains a vulnerability where ThreadPolicy::edit allows a user with PERM_EDIT_CONVERSATIONS who created a message in Mailbox A to rewrite the thread after being removed from the mailbox, due to a missing mailbox membership check (the same issue observed in ThreadPolicy::d...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00155 | Exploits: 0 | References: 1

CVE | added 2026/05/29 7:47 p.m. | 19 views

CVE-2026-48811

FreeScout (Laravel) contains a vulnerability where a non-admin can permanently delete an internal note (private thread) in any conversation, even after mailbox access is revoked. The root cause is the ThreadPolicy::delete authorization not verifying mailbox membership, allowing former members to ...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00155 | Exploits: 0 | References: 1

CVE | added 2026/05/29 7:47 p.m. | 15 views

CVE-2026-47122

The CVE entry CVE-2026-47122 is associated with Sparkle's AppInstaller post-stage-1 XPC listener, where after _performedStage1Installation is YES, new connections to the -spki Mach service are accepted without team-ID or code-signing checks. This allows a local attacker to inject a forged SPUSent...

EPSS: 0.00014 | Exploits: 0

CVE | added 2026/05/29 7:45 p.m. | 17 views

CVE-2026-47121

CVE-2026-47121 is a defense‑in‑depth issue in Sparkle’s delta application flow. The advisory details that Autoupdate/SUBinaryDeltaApply.m can be coerced to process symlinks in .delta payloads, and that a shallow parent‑symlink check (only one level up; skips deeper components) allows a malicious ...

EPSS: 0.00029 | Exploits: 0

CVE | added 2026/05/29 7:44 p.m. | 67 views

CVE-2026-45700

FreeRDP (prior to 3.26.0) has a heap-buffer-overflow in the planar bitmap decoder. The bug occurs in freerdp_bitmap_decompress_planar() when validating the X destination coordinate against nDstStep; an attacker can bypass the check with a large nDstStep and nXDst, causing planar_decompress_plane_rle() to wr...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00498 | Exploits: 1 | References: 1 | Affected software: 1

CVE | added 2026/05/29 7:42 p.m. | 68 views

CVE-2026-44420

CVE-2026-44420 affects FreeRDP before version 3.26.0. A malicious RDP client can trigger a heap-buffer-overflow write in the server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength, which can crash the server (remote DoS) and may be exploitable f...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.03733 | Exploits: 1 | References: 2 | Affected software: 1

CVE | added 2026/05/29 7:41 p.m. | 32 views

CVE-2026-44422

CVE-2026-44422 affects FreeRDP prior to 3.26.0. The RDPEAR NDR parser incorrectly reused a non-null NDR pointer ref-id across multiple logical pointer fields, causing the same heap object to be assigned to two outputs. The destructor then frees both pointers, enabling a heap use-after-free / doub...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00324 | Exploits: 1 | References: 1 | Affected software: 1

CVE | added 2026/05/29 7:40 p.m. | 47 views

CVE-2026-44421

CVE-2026-44421 affects FreeRDP prior to 3.26.0. A malicious RDP server can trigger a heap-buffer-overflow in the client via crafted RDPGFX PDUs in gdi_CacheToSurface, by validating a destination rectangle clamped to UINT16_MAX but copying using the original cacheEntry->width/height, causing a ...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00363 | Exploits: 1 | References: 1 | Affected software: 1

CVE | added 2026/05/29 7:35 p.m. | 32 views

CVE-2026-46599

The CVE-2026-46599 entry corresponds to excessive resource consumption in the TIFF PackBits decompression in golang.org/x/image/tiff. The root cause is that the TIFF decoder does not place a limit on the size of PackBits-compressed data, enabling a malicious image (even small in dimensions) to dr...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00353 | Exploits: 0 | References: 4

CVE | added 2026/05/29 7:33 p.m. | 33 views

CVE-2026-44287

CVE-2026-44287: In FastGPT, before 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/. The payload import/**/("child_process") parses as a valid dynamic import, escaping detection because the regex only ...

CVSS: 6.3 | AI score: 6 | EPSS: 0.00239 | Exploits: 0 | References: 1

Total number of security vulnerabilities: 366763