Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11067, Critical: 752, High: 3202, Medium: 3546

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5984 | HIGH | 8.8 | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation … | Apr 09, 2026 |
| CVE-2026-5983 | HIGH | 8.8 | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing … | Apr 09, 2026 |
| CVE-2026-5982 | HIGH | 8.8 | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing … | Apr 09, 2026 |
| CVE-2026-5981 | HIGH | 8.8 | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform/formAdvFirewall of the component POST Request Handler. Such … | Apr 09, 2026 |
| CVE-2026-5778 | UNKNOWN | — | Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption path by injecting a TLS … | Apr 09, 2026 |
| CVE-2026-5772 | UNKNOWN | — | A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname validation when the LEFT_MOST_WILDCARD_ONLY flag is active. If a wildcard … | Apr 09, 2026 |
| CVE-2026-5264 | UNKNOWN | — | Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer … | Apr 09, 2026 |
| CVE-2026-5263 | UNKNOWN | — | URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf … | Apr 09, 2026 |
| CVE-2026-40154 | CRITICAL | 9.3 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or … | Apr 09, 2026 |
| CVE-2026-40153 | HIGH | 7.4 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementing … | Apr 09, 2026 |
| CVE-2026-40152 | MEDIUM | 5.3 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes … | Apr 09, 2026 |
| CVE-2026-40151 | MEDIUM | 5.3 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the … | Apr 09, 2026 |
| CVE-2026-40150 | HIGH | 7.7 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme … | Apr 09, 2026 |
| CVE-2026-40149 | HIGH | 7.9 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is … | Apr 09, 2026 |
| CVE-2026-40148 | MEDIUM | 6.5 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs … | Apr 09, 2026 |
| CVE-2026-40117 | MEDIUM | 6.2 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path parameter. … | Apr 09, 2026 |
| CVE-2026-40116 | HIGH | 7.5 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or … | Apr 09, 2026 |
| CVE-2026-40115 | MEDIUM | 6.2 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on … | Apr 09, 2026 |
| CVE-2026-40114 | HIGH | 7.2 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When … | Apr 09, 2026 |
| CVE-2026-40113 | HIGH | 8.4 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating … | Apr 09, 2026 |
| CVE-2026-40112 | MEDIUM | 5.4 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The _sanitize_html … | Apr 09, 2026 |
| CVE-2026-40111 | UNKNOWN | — | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run() with shell=True … | Apr 09, 2026 |
| CVE-2026-39848 | MEDIUM | 6.5 | Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A … | Apr 09, 2026 |
| CVE-2026-35646 | MEDIUM | 4.8 | OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because … | Apr 09, 2026 |
| CVE-2026-35645 | HIGH | 8.1 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can … | Apr 09, 2026 |