搜尋
4,316 筆結果- CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members
- CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
- CRITICAL9.8CVE-2026-47410praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset
- CRITICAL9.8CVE-2026-47391PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
- CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)
- CRITICAL9.8CVE-2026-47393PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default
- CRITICAL9.8CVE-2026-47396PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
- CRITICAL9.8CVE-2026-45700EPSS 0.02%FreeRDP is a free implementation of the Remote Desktop Protocol.
- CRITICAL9.9CVE-2026-45372EPSS 0.06%cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library.
- CRITICAL9.8CVE-2026-8838EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection
- CRITICAL9.6CVE-2026-2611EPSS 0.04%MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
- CRITICAL9.6CVE-2026-9967EPSS 0.11%Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a…
- CRITICAL9.6CVE-2026-9918EPSS 0.08%Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox es…
- CRITICAL9.0CVE-2026-9891EPSS 0.16%Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to…
- CRITICAL9.6CVE-2026-9886EPSS 0.12%Use after free in Base in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape vi…
- CRITICAL9.0CVE-2026-9881EPSS 0.04%Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious…
- CRITICAL9.6CVE-2026-9876EPSS 0.11%Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox esca…
- CRITICAL9.6CVE-2026-9875EPSS 0.08%Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox…
- CRITICAL9.6CVE-2026-9874EPSS 0.07%Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a cra…
- CRITICAL9.6CVE-2026-9872EPSS 0.11%Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox e…
- CRITICAL9.8CVE-2026-46195EPSS 0.06%In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parse_se…
- CRITICAL9.1CVE-2026-46185EPSS 0.07%In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in symlink_data() Since smb2_check_m…
- CRITICAL9.1CVE-2026-46155EPSS 0.06%In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2_compound_op() If a server se…
- CRITICAL9.8CVE-2026-46137EPSS 0.06%In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: fix potential data-race This mptcp_pm_add_time…
- CRITICAL9.8CVE-2026-46135EPSS 0.07%In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling and queue teardown nvmet_tcp…
第 1 / 173 頁下一頁 →