|
511
|
8.4 |
HIGH
Local
|
-
|
-
|
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working direct…
Update
|
CWE-94
CWE-426
Code Injection
Untrusted Search Path
|
CVE-2026-40287
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
512
|
9.8 |
CRITICAL
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untru…
Update
|
CWE-78
CWE-94
OS Command
Code Injection
|
CVE-2026-40288
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
513
|
9.1 |
CRITICAL
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote se…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40289
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
514
|
9.1 |
CRITICAL
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/che…
Update
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-40313
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
515
|
- |
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concate…
Update
|
CWE-89
SQL Injection
|
CVE-2026-40315
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
516
|
- |
|
-
|
-
|
MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the n…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2025-13822
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
517
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-pr…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-24069
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
518
|
7.4 |
HIGH
Network
|
-
|
-
|
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here:
* https://w4ke.info/2025/06/18/funk…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-2332
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
519
|
7.1 |
HIGH
Network
|
-
|
-
|
A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Mana…
Update
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-33892
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
520
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples.
This issue affects the
ExtractEmbeddedFiles example in Apache PDFBox: from 2.…
Update
|
CWE-22
Path Traversal
|
CVE-2026-33929
|
2026-04-18 00:24 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
