|
1481
|
7.2 |
HIGH
Network
|
fortinet
|
fortianalyzer
fortianalyzer_cloud
fortimanager
fortimanager_cloud
|
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7…
|
CWE-89
SQL Injection
|
CVE-2025-61848
|
2026-04-21 03:05 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1482
|
8.8 |
HIGH
Adjacent
|
fortinet
|
fortios
|
A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2025-53847
|
2026-04-21 03:04 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1483
|
4.3 |
MEDIUM
Network
|
fortinet
|
fortivoice
fortindr
|
An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.…
|
CWE-200
Information Exposure
|
CVE-2024-23104
|
2026-04-21 03:03 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1484
|
8.4 |
HIGH
Local
|
praison
|
praisonai
praisonaiagents
|
PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working direct…
|
CWE-94
CWE-426
Code Injection
Untrusted Search Path
|
CVE-2026-40287
|
2026-04-21 02:47 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1485
|
9.8 |
CRITICAL
Network
|
praison
|
praisonai
praisonaiagents
|
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untru…
|
CWE-78
CWE-94
OS Command
Code Injection
|
CVE-2026-40288
|
2026-04-21 02:47 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1486
|
9.1 |
CRITICAL
Network
|
praison
|
praisonai
praisonaiagents
|
PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote se…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-40289
|
2026-04-21 02:46 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1487
|
9.1 |
CRITICAL
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/che…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-40313
|
2026-04-21 02:39 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1488
|
9.8 |
CRITICAL
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concate…
|
CWE-89
SQL Injection
|
CVE-2026-40315
|
2026-04-21 02:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1489
|
5.5 |
MEDIUM
Network
|
maxkb
|
maxkb
|
MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of…
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2026-39417
|
2026-04-21 02:36 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1490
|
7.4 |
HIGH
Network
|
maxkb
|
maxkb
|
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authentic…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39418
|
2026-04-21 02:36 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
