搜尋

662 筆結果

嚴重程度:CRITICAL HIGH MEDIUM LOW|生態系:npm PyPI Maven Debian Alpine|⚠ 只看 KEV

CRITICAL9.6CVE-2026-47413praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members2026/6/1
CRITICAL9.6CVE-2026-47416praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}2026/5/29
CRITICAL9.8CVE-2026-47410praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset2026/5/29
CRITICAL9.8CVE-2026-47391PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution2026/5/29
CRITICAL9.9CVE-2026-47392PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)2026/5/29
CRITICAL9.8CVE-2026-47393PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default2026/5/29
CRITICAL9.8CVE-2026-47396PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset2026/5/29
CRITICAL9.8CVE-2026-8838EPSS 0.08%amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection2026/5/29
CRITICAL9.6CVE-2026-2611EPSS 0.04%MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution2026/5/29
CRITICAL9.8CVE-2026-25879EPSS 0.08%Langroid has Prompt to SQL Injection, Leading to RCE2026/5/27
CRITICAL9.6CVE-2026-46703OCI layer symlink escape → arbitrary host write2026/5/21
CRITICAL10.0CVE-2026-46695Read-only volume remount bypass via guest CAP_SYS_ADMIN2026/5/21
CRITICAL9.8CVE-2026-31072EPSS 0.18%APScheduler's JSONSerializer and CBORSerializer are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization2026/5/19
CRITICAL9.6CVE-2026-45758Malicious code in guardrails-ai 0.10.1 (supply chain compromise)2026/5/19
CRITICAL9.8CVE-2026-7304EPSS 0.43%SGLang: Unauthenticated RCE via --enable-custom-logit-processor2026/5/18
CRITICAL9.1CVE-2026-7302EPSS 0.10%SGLang's multimodal generation runtime has an unauthenticated path traversal vulnerability2026/5/18
CRITICAL9.8CVE-2026-7301EPSS 0.06%SGLanG: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket2026/5/18
CRITICAL10.0CVE-2026-45369EPSS 0.01%utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution in CLI Communication Protocol2026/5/14
CRITICAL9.8CVE-2026-31239EPSS 0.05%mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub2026/5/12
CRITICAL9.8CVE-2026-31238EPSS 0.09%Ludwig framework is vulnerable to insecure deserialization in its model serving component2026/5/12
CRITICAL9.8CVE-2026-31237EPSS 0.51%Ludwig framework is vulnerable to insecure deserialization through its predict() method.2026/5/12
CRITICAL9.8CVE-2026-31236EPSS 0.10%llm CLI tool contains a code injection vulnerability via `--functions` command-line argument2026/5/12
CRITICAL9.8CVE-2026-31235EPSS 0.09%imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module2026/5/12
CRITICAL9.8CVE-2026-31234EPSS 0.73%Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component2026/5/12
CRITICAL9.8CVE-2026-31233EPSS 0.38%Guardrails AI contains a code injection vulnerability in its Hub package installation mechanism2026/5/12

第 1 / 27 頁下一頁 →