Search

3,739 results

Severity:CRITICAL HIGH MEDIUM LOW|Ecosystem:npm PyPI Maven Debian Alpine|⚠ In KEV only

MEDIUM5.5CVE-2026-44022Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands6/3/2026
HIGH8.1CVE-2026-47412praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}6/1/2026
HIGH8.3CVE-2026-47415praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR6/1/2026
MEDIUM6.5CVE-2026-47411praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}6/1/2026
HIGH8.1CVE-2026-47417praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR6/1/2026
HIGH8.1CVE-2026-47418praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR6/1/2026
MEDIUM6.5CVE-2026-42360EPSS 0.05%Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking6/1/2026
MEDIUM5.9CVE-2026-41017EPSS 0.02%Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy6/1/2026
MEDIUM6.5CVE-2026-45192EPSS 0.04%Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response6/1/2026
HIGH8.1CVE-2026-47409praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role5/29/2026
HIGH7.6CVE-2026-47414praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)5/29/2026
HIGH8.1CVE-2026-47406praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks5/29/2026
HIGH8.8CVE-2026-47405PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership5/29/2026
HIGH8.8CVE-2026-47399PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID5/29/2026
MEDIUM6.5CVE-2026-47408praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership5/29/2026
HIGH8.8CVE-2026-48169PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API5/29/2026
MEDIUM5.5CVE-2026-47395PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context5/29/2026
MEDIUM5.5CVE-2026-47390PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings5/29/2026
HIGH8.1CVE-2026-47398PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `agents_generator.py` - sibling of CVE-2026-443345/29/2026
MEDIUM6.5CVE-2026-47213BoxLite has a Timeout Bypass Vulnerability5/29/2026
MEDIUM6.5CVE-2026-47184zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion via multicast flood5/29/2026
MEDIUM6.5CVE-2026-47183zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion5/29/2026
MEDIUM6.5CVE-2026-47180zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service5/29/2026
HIGH8.8CVE-2026-42305Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows5/28/2026
MEDIUM5.5CVE-2026-47144Shamefile has an arbitrary file read via shamefile.yaml in shame next5/28/2026

Page 1 of 150Next →