|
1641
|
8.1 |
HIGH
Network
|
linuxfoundation
|
kedro
|
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the _get_versioned_path() method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version …
|
CWE-22
Path Traversal
|
CVE-2026-35167
|
2026-04-15 00:26 |
2026-04-7 |
|
|
|
|
|
1642
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory n…
|
CWE-125
Out-of-bounds Read
|
CVE-2022-2785
|
2026-04-15 00:23 |
2022-09-23 |
|
|
|
|
|
1643
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and …
|
CWE-125
Out-of-bounds Read
|
CVE-2022-2785
|
2026-04-15 00:23 |
2022-09-23 |
|
|
|
|
|
1644
|
7.1 |
HIGH
Network
|
lfprojects
|
model_context_protocol_servers
|
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--…
|
CWE-88
Argument Injection
|
CVE-2025-68144
|
2026-04-15 00:23 |
2025-12-18 |
|
|
|
|
|
1645
|
- |
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bund…
|
CWE-22
Path Traversal
|
CVE-2026-40157
|
2026-04-15 00:16 |
2026-04-11 |
|
|
|
|
|
1646
|
7.7 |
HIGH
Network
|
-
|
-
|
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No sc…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40150
|
2026-04-15 00:16 |
2026-04-10 |
|
|
|
|
|
1647
|
5.4 |
MEDIUM
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The _sanitize_html function reli…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40112
|
2026-04-15 00:16 |
2026-04-10 |
|
|
|
|
|
1648
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This issue affects Theme Editor: from n/a through <= 3.2.
|
CWE-352
Origin Validation Error
|
CVE-2026-39640
|
2026-04-15 00:16 |
2026-04-8 |
|
|
|
|
|
1649
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery. This issue affects Grand Portfolio: from n/a through <= 3.3.
|
CWE-352
Origin Validation Error
|
CVE-2026-39634
|
2026-04-15 00:16 |
2026-04-8 |
|
|
|
|
|
1650
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery. This issue affects Grand Blog: from n/a through <= 3.1.
|
CWE-352
Origin Validation Error
|
CVE-2026-39632
|
2026-04-15 00:16 |
2026-04-8 |
|
|
|
|