Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10648
Total
723
Critical
3075
High
3393
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-44338 | HIGH | 7.3 | PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. … | May 08, 2026 |
| CVE-2026-44337 | MEDIUM | 6.3 | PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers … | May 08, 2026 |
| CVE-2026-44336 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default … | May 08, 2026 |
| CVE-2026-44335 | UNKNOWN | — | PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by … | May 08, 2026 |
| CVE-2026-44334 | HIGH | 8.4 | PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_resolver.py, api/call.py). … | May 08, 2026 |
| CVE-2026-44129 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.4 contains a server-side template injection vulnerability in the new GINA UI because an endpoint accepts attacker-controlled template, allowing … | May 08, 2026 |
| CVE-2026-44128 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a … | May 08, 2026 |
| CVE-2026-44127 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read … | May 08, 2026 |
| CVE-2026-44126 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.4 insecurely deserializes untrusted data, which can be reached from the new GINA UI and may allow unauthenticated remote … | May 08, 2026 |
| CVE-2026-44125 | UNKNOWN | — | SEPPmail Secure Email Gateway before version 15.0.4 fails to enforce authorization checks for multiple endpoints in the new GINA UI, allowing unauthenticated remote attackers to … | May 08, 2026 |
| CVE-2026-43350 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: smb: client: require a full NFS mode SID before reading mode bits parse_dacl() treats an … | May 08, 2026 |
| CVE-2026-43349 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer syzbot reported a f2fs bug as below: … | May 08, 2026 |
| CVE-2026-43348 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER When registering VTL0 memory via MSHV_ADD_VTL0_MEMORY, the kernel computes pgmap->vmemmap_shift … | May 08, 2026 |
| CVE-2026-43347 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" … | May 08, 2026 |
| CVE-2026-43346 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is … | May 08, 2026 |
| CVE-2026-43345 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the … | May 08, 2026 |
| CVE-2026-43344 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix die ID init and look up bugs In snbep_pci2phy_map_init(), in the nr_node_ids > … | May 08, 2026 |
| CVE-2026-43343 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix unbalanced refcnt in geth_free geth_alloc() increments the reference count, but geth_free() … | May 08, 2026 |
| CVE-2026-43342 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race … | May 08, 2026 |
| CVE-2026-43341 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wraparound in trace fill ioam6_fill_trace_data() stores the schema contribution to … | May 08, 2026 |
| CVE-2026-43340 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure … | May 08, 2026 |
| CVE-2026-43339 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconf_permanent_addr() The mentioned helper try to warn the user about … | May 08, 2026 |
| CVE-2026-43338 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: reserve enough transaction items for qgroup ioctls Currently our qgroup ioctls don't reserve any … | May 08, 2026 |
| CVE-2026-43337 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw() dcn401_init_hw() assumes that update_bw_bounding_box() is valid when entering … | May 08, 2026 |
| CVE-2026-43336 | UNKNOWN | — | In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permuted_state before it leaves scope Since the ChaCha permutation is invertible, the … | May 08, 2026 |