Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12565
Total
848
Critical
3603
High
3938
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34952 | CRITICAL | 9.1 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info … | Apr 03, 2026 |
| CVE-2026-34939 | MEDIUM | 6.5 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, … | Apr 03, 2026 |
| CVE-2026-34938 | CRITICAL | 10.0 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed … | Apr 03, 2026 |
| CVE-2026-34937 | HIGH | 7.8 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c … | Apr 03, 2026 |
| CVE-2026-34936 | HIGH | 7.7 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint … | Apr 03, 2026 |
| CVE-2026-34935 | CRITICAL | 9.8 | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through … | Apr 03, 2026 |
| CVE-2026-34934 | CRITICAL | 9.8 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from … | Apr 03, 2026 |
| CVE-2026-34933 | MEDIUM | 5.5 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user … | Apr 03, 2026 |
| CVE-2026-34824 | HIGH | 7.5 | Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability … | Apr 03, 2026 |
| CVE-2026-34788 | MEDIUM | 6.5 | Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() … | Apr 03, 2026 |
| CVE-2026-34787 | MEDIUM | 6.5 | Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. … | Apr 03, 2026 |
| CVE-2026-34612 | CRITICAL | 9.9 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose deployment) contains a SQL Injection vulnerability that leads to Remote Code … | Apr 03, 2026 |
| CVE-2026-34607 | HIGH | 7.2 | Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting … | Apr 03, 2026 |
| CVE-2026-34229 | MEDIUM | 6.1 | Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vulnerability in emlog comment module via … | Apr 03, 2026 |
| CVE-2026-34228 | UNKNOWN | — | Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. … | Apr 03, 2026 |
| CVE-2026-34061 | MEDIUM | 4.9 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can … | Apr 03, 2026 |
| CVE-2026-34052 | MEDIUM | 5.9 | LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that … | Apr 03, 2026 |
| CVE-2026-33184 | HIGH | 7.5 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a … | Apr 03, 2026 |
| CVE-2021-4477 | CRITICAL | 9.1 | Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that allows traffic from VPN connections to bypass configured firewall … | Apr 03, 2026 |
| CVE-2018-25236 | CRITICAL | 9.8 | Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management … | Apr 03, 2026 |
| CVE-2017-20238 | HIGH | 7.1 | Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access … | Apr 03, 2026 |
| CVE-2017-20236 | CRITICAL | 9.8 | ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject … | Apr 03, 2026 |
| CVE-2017-20235 | CRITICAL | 9.1 | ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain … | Apr 03, 2026 |
| CVE-2017-20234 | CRITICAL | 9.8 | GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string … | Apr 03, 2026 |
| CVE-2017-20233 | MEDIUM | 5.4 | Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP … | Apr 03, 2026 |