|
3031
|
7.8 |
HIGH
Local
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system edito…
|
CWE-78
CWE-88
OS Command
Argument Injection
|
CVE-2026-43943
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3032
|
9.8 |
CRITICAL
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-41497
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3033
|
8.4 |
HIGH
Local
|
-
|
-
|
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_reso…
|
CWE-94
Code Injection
|
CVE-2026-44334
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3034
|
- |
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has b…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44335
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3035
|
6.3 |
MEDIUM
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers …
|
CWE-20
CWE-89
Improper Input Validation
SQL Injection
|
CVE-2026-44337
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3036
|
7.3 |
HIGH
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any …
|
CWE-306
CWE-668
CWE-1188
Missing Authentication for Critical Function
Exposure of Resource to Wrong Sphere
Insecure Default Initialization of Resource
|
CVE-2026-44338
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3037
|
8.6 |
HIGH
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after…
|
CWE-470
Unsafe Reflection
|
CVE-2026-44339
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3038
|
- |
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member…
|
CWE-22
CWE-59
Path Traversal
Link Following
|
CVE-2026-44340
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3039
|
- |
|
-
|
-
|
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-42271
|
2026-05-9 00:52 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3040
|
- |
|
-
|
-
|
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on imp…
|
CWE-290
CWE-807
Authentication Bypass by Spoofing
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-6213
|
2026-05-9 00:51 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
