Search

6,192 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members6/1/2026
CRITICAL9.6CVE-2026-47428Vitest browser mode serves unsanitized otelCarrier query parameter as inline script6/1/2026
CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed6/1/2026
CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}5/29/2026
CRITICAL9.8CVE-2026-47410praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset5/29/2026
CRITICAL9.8CVE-2026-47391PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution5/29/2026
CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)5/29/2026
CRITICAL9.8CVE-2026-47393PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default5/29/2026
CRITICAL9.8CVE-2026-47396PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset5/29/2026
CRITICAL9.8CVE-2026-45700EPSS 0.02%FreeRDP is a free implementation of the Remote Desktop Protocol.5/29/2026
CRITICAL9.9CVE-2026-45372EPSS 0.04%cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.5/29/2026
CRITICAL9.8CVE-2026-8838EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection5/29/2026
CRITICAL10.0CVE-2026-47140NodeVM builtin denylist bypass via process and inspector/promises allows host code execution5/29/2026
CRITICAL9.8CVE-2026-47210vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass5/29/2026
CRITICAL10.0CVE-2026-47137vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE5/29/2026
CRITICAL10.0CVE-2026-47208vm2 is Vulnerable to Sandbox Breakout Through Promise Species5/29/2026
CRITICAL10.0CVE-2026-47131vm2 has a Sandbox Escape issue5/29/2026
CRITICAL9.6CVE-2026-2611EPSS 0.04%Improper Origin Validation in mlflow/mlflow5/29/2026
CRITICAL9.8CVE-2026-48902EPSS 0.00%Joomla! Core - [20260518] - Transport encryption downgrade for password and username reset links5/29/2026
CRITICAL9.6CVE-2026-9967EPSS 0.08%Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a…5/28/2026
CRITICAL9.6CVE-2026-9918EPSS 0.08%Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox es…5/28/2026
CRITICAL9.0CVE-2026-9891EPSS 0.12%Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to…5/28/2026
CRITICAL9.6CVE-2026-9886EPSS 0.07%Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape vi…5/28/2026
CRITICAL9.0CVE-2026-9881EPSS 0.02%Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious…5/28/2026
CRITICAL9.6CVE-2026-9876EPSS 0.10%Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox esca…5/28/2026

Page 1 of 248Next →