|
1501
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts in…
|
CWE-79
Cross-site Scripting
|
CVE-2025-49534
|
2026-04-15 03:16 |
2025-07-9 |
|
1502
|
5.4 |
MEDIUM
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that a low-privileged attacker could exploit to…
|
CWE-79
Cross-site Scripting
|
CVE-2025-49534
|
2026-04-15 03:16 |
2025-07-9 |
|
1503
|
8.8 |
HIGH
Network
|
microsoft
|
excel excel_viewer office office_compatibility_pack office_excel office_excel_viewer
|
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in…
|
CWE-94
Code Injection
|
CVE-2009-0238
|
2026-04-15 03:16 |
2009-02-26 |
|
1504
|
8.8 |
HIGH
Network
|
microsoft
|
excel excel_viewer office office_compatibility_pack office_excel office_excel_viewer
|
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsof…
|
CWE-94
Code Injection
|
CVE-2009-0238
|
2026-04-15 03:16 |
2009-02-26 |
|
1505
|
9.8 |
CRITICAL
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An …
|
CWE-89
SQL Injection
|
CVE-2026-34934
|
2026-04-15 03:15 |
2026-04-4 |
|
1506
|
9.8 |
CRITICAL
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through the call chain to anyio.open_pr…
|
CWE-78
OS Command
|
CVE-2026-34935
|
2026-04-15 03:14 |
2026-04-4 |
|
1507
|
7.7 |
HIGH
Network
|
praison
|
praisonai
|
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and pa…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-34936
|
2026-04-15 03:14 |
2026-04-4 |
|
1508
|
8.8 |
HIGH
Network
|
doobidoo
|
mcp-memory-service
|
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application configures FastAPI's CO…
|
CWE-942 NVD-CWE-Other
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-33010
|
2026-04-15 03:12 |
2026-03-21 |
|
1509
|
8.8 |
HIGH
Network
|
doobidoo
|
mcp-memory-service
|
mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.25.1, when the HTTP server is enabled (MCP_HTTP_ENABLED=true), the application co…
|
CWE-942 NVD-CWE-Other
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-33010
|
2026-04-15 03:12 |
2026-03-21 |
|
1510
|
9.8 |
CRITICAL
Network
|
praison
|
praisonaiagents
|
PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "<code>" and passin…
|
CWE-78
OS Command
|
CVE-2026-34937
|
2026-04-15 03:09 |
2026-04-4 |
|