Skip to main content
CVE-2026-34935 CRITICAL POC PATCH GHSA Act Now

Arbitrary OS command execution in PraisonAI (Python package) versions prior to 4.5.69 allows remote unauthenticated attackers to execute commands as the process user via the unsanitized `--mcp` CLI argument. The vulnerability stems from passing user-controlled input directly to `shlex.split()` and `anyio.open_process()` without validation. CVSS 9.8 (Critical). Vendor-released patch available in version 4.5.69 (commit 47bff65). No public exploit code independently confirmed beyond the GitHub advisory PoC, and not listed in CISA KEV at time of analysis.

Command Injection Python
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-29014 CRITICAL POC Act Now

MetInfo CMS 7.9, 8.0, and 8.1 allows unauthenticated remote code execution through PHP code injection in insufficient input validation mechanisms. Attackers can send crafted requests containing malicious PHP code to execute arbitrary commands and achieve full server compromise without authentication. Publicly available exploit code exists for this vulnerability.

PHP RCE Code Injection
NVD
CVSS 4.0
9.3
EPSS
0.2%
CVE-2026-34938 CRITICAL PATCH GHSA Act Now

Critical sandbox escape in praisonaiagents Python library allows remote unauthenticated attackers to execute arbitrary OS commands by exploiting a type-checking flaw in the _safe_getattr wrapper. The vulnerability affects pkg:pip/praisonaiagents and carries a maximum CVSS 10.0 score with network attack vector, no authentication required, and changed scope impact. Deployments using default autonomous modes (PRAISONAI_AUTO_APPROVE=true) execute attacker code silently without human confirmation, enabling indirect prompt injection attacks against AI agent pipelines. Publicly available exploit code exists with working proof-of-concept demonstrating full OS command execution via subprocess.Popen access.

Python Command Injection
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-4370 CRITICAL PATCH GHSA Act Now

Unauthenticated remote database cluster compromise in Canonical Juju (versions 3.2.0-3.6.19 and 4.0-4.0.4) allows complete data exfiltration and manipulation through missing TLS certificate validation on Dqlite database endpoints. The controller's database cluster accepts unauthorized node joins from any network-accessible attacker, granting full read/write access to all stored credentials, configurations, and orchestration data. With CVSS 10.0 (AV:N/AC:L/PR:N/UI:N) and EPSS data unavailable, this represents a critical authentication bypass in infrastructure-as-code environments. No public exploit identified at time of analysis, though exploitation requires only network access to the Dqlite port without authentication complexity.

Information Disclosure Juju
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-34571 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in CI4MS backend user management allows authenticated attackers with low-level privileges to inject malicious JavaScript that executes automatically when administrators access affected pages, enabling session hijacking and full administrative account takeover. The vulnerability affects all versions prior to 0.31.0.0 with a critical CVSS score of 9.9 due to scope change and high impact across confidentiality, integrity, and availability. EPSS data not available; no public exploit code or active exploitation confirmed at time of analysis, though the technical barrier is low (AC:L, PR:L).

XSS Privilege Escalation Ci4ms
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-34569 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in CI4MS blog category management allows authenticated users to inject malicious JavaScript that executes across multiple application contexts including public blog pages and administrative interfaces. Affecting all versions prior to 0.31.0.0, attackers with low-privilege authenticated access can achieve scope change with high impact to confidentiality, integrity, and availability (CVSS 9.9). Vendor-released patch available in version 0.31.0.0. No public exploit identified at time of analysis, though EPSS data unavailable and exploitation is straightforward given low attack complexity.

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2024-40489 CRITICAL Act Now

There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-43028 CRITICAL Act Now

A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to execute arbitrary code via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-20160 CRITICAL NEWS Act Now

Remote code execution in Cisco Smart Software Manager On-Prem allows unauthenticated attackers to execute arbitrary commands with root privileges via an exposed internal service API. The vulnerability stems from unintentional exposure of an internal service that accepts crafted API requests, enabling full system compromise. With a CVSS score of 9.8 and complete attack vector accessibility over the network requiring no authentication or user interaction, this represents a critical security exposure for organizations using SSM On-Prem for Cisco software license management, though no public exploit identified at time of analysis.

Cisco Information Disclosure Cisco Smart Software Manager On Prem
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-31027 CRITICAL Act Now

Buffer overflow in TOTOlink A3600R v5.9c.4959 setAppEasyWizardConfig interface allows remote code execution or denial of service via unvalidated rootSsid parameter in /lib/cste_modules/app.so. The vulnerability affects a Wi-Fi router's configuration endpoint and enables unauthenticated attackers to trigger memory corruption with potential for arbitrary code execution. No CVSS vector or patch status was available at time of analysis.

Buffer Overflow RCE Denial Of Service
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-34159 CRITICAL Act Now

Remote code execution in llama.cpp RPC backend allows unauthenticated attackers with TCP access to achieve arbitrary memory read/write and full ASLR bypass. The vulnerability stems from missing bounds validation in deserialize_tensor() when processing GRAPH_COMPUTE messages with zero-valued buffer fields. Attackers can leverage pointer leaks from ALLOC_BUFFER/BUFFER_GET_BASE operations to reliably exploit this flaw. Fixed in version b8492 (commit 39bf0d3c). CVSS 9.8 (Critical) with network attack vector, low complexity, and no authentication required. No public exploit identified at time of analysis, though the detailed advisory provides sufficient technical context for weaponization.

RCE Buffer Overflow Llama Cpp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-30643 CRITICAL Act Now

Remote code execution in DedeCMS 5.7.118 allows unauthenticated attackers to execute arbitrary code through crafted setup tag values during module upload operations. The vulnerability exploits insufficient input validation in the module upload functionality, enabling direct code injection. No CVSS score, EPSS data, or KEV confirmation is available; however, the presence of a public proof-of-concept demonstrates practical exploitability.

RCE Code Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-34934 CRITICAL PATCH GHSA Act Now

SQL injection in PraisonAI's thread listing function allows unauthenticated remote attackers to execute arbitrary SQL queries and achieve complete database compromise. The vulnerability exists in sql_alchemy.py where thread IDs stored via update_thread are concatenated into raw SQL queries using f-strings without sanitization. Attackers inject malicious SQL through thread_id parameters, which execute when get_all_user_threads loads the thread list. CVSS 9.8 (Critical) reflects network-accessible exploitation requiring no authentication or user interaction. No public exploit confirmed beyond the GitHub security advisory POC, though EPSS data unavailable. Immediate patching required for all PraisonAI Python package installations.

Python SQLi Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-34875 CRITICAL PATCH Act Now

Buffer overflow in Mbed TLS public key export functionality for Finite Field Diffie-Hellman (FFDH) keys affects versions through 3.6.5 and TF-PSA-Crypto 1.0.0. An attacker can trigger a memory corruption condition during FFDH public key export operations, potentially enabling code execution or denial of service depending on memory layout and application context. No public exploit code or active exploitation has been confirmed at time of analysis.

Buffer Overflow
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-20093 CRITICAL POC NEWS Act Now

Authentication bypass in Cisco Integrated Management Controller (IMC) allows unauthenticated remote attackers to gain administrative access by exploiting improper password change request handling. Affected products include Cisco Enterprise NFV Infrastructure Software, Unified Computing System (Standalone), and UCS E-Series Software. The attacker can alter any user's password, including Admin accounts, and take full control of the management interface. CVSS 9.8 (Critical) with network-accessible attack vector requiring no privileges or user interaction. No public exploit identified at time of analysis, though EPSS data not available for comprehensive risk assessment.

Cisco Authentication Bypass
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5290 CRITICAL PATCH Act Now

Use-after-free in Chrome's compositing engine allows remote attackers who have compromised the renderer process to escape the sandbox via crafted HTML pages in Google Chrome prior to version 146.0.7680.178. This high-severity vulnerability requires prior renderer compromise but enables privilege escalation from the sandboxed renderer to system-level access, making it a critical sandbox bypass vector. Vendor-released patch addresses the issue in Chrome 146.0.7680.178 and later.

Google Use After Free Denial Of Service Memory Corruption Debian +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-5289 CRITICAL PATCH Act Now

Use-after-free in Google Chrome's Navigation component prior to version 146.0.7680.178 enables sandbox escape for attackers who have already compromised the renderer process, allowing them to potentially execute arbitrary code with elevated privileges via a malicious HTML page. Chromium rates this as high severity; patch availability confirmed from vendor.

Google Use After Free Denial Of Service Memory Corruption Debian +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-5288 CRITICAL PATCH Act Now

Use-after-free in Chrome's WebView on Android prior to version 146.0.7680.178 allows a remote attacker with a compromised renderer process to escape the sandbox via crafted HTML, potentially leading to arbitrary code execution outside the browser's security boundary. This vulnerability requires prior renderer compromise but eliminates a critical containment layer, classified as High severity by Chromium.

Google Use After Free Denial Of Service Memory Corruption Debian +2
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-71279 CRITICAL PATCH Act Now

Authentication bypass in XenForo versions prior to 2.3.7 compromises passkey-based authentication, allowing remote unauthenticated attackers to bypass security controls protecting passkey-enabled user accounts. No public exploit identified at time of analysis, though EPSS data not available. The vulnerability affects a critical authentication mechanism (WebAuthn/passkeys), representing a high-severity threat to forum platforms relying on this modern authentication method.

Authentication Bypass Xenforo
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-34456 CRITICAL PATCH Act Now

Account takeover via OAuth email auto-linking affects Reviactyl game server management panel versions 26.2.0-beta.1 through 26.2.0-beta.4, allowing unauthenticated remote attackers to gain full access to victim accounts by registering social OAuth accounts (Google, GitHub, Discord) with matching email addresses. The CVSS 9.1 (Critical) score reflects network-based exploitation requiring no authentication, low complexity, and high confidentiality/integrity impact. No public exploit identified at time of analysis, though the vulnerability mechanism is straightforward and publicly documented in GitHub advisory GHSA-8mcf-rp68-xhfg. Vendor-released patch: version 26.2.0-beta.5.

Authentication Bypass Google
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-34568 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in CI4MS blog module allows authenticated attackers to inject malicious JavaScript that executes in victims' browsers across multiple application views. The vulnerability affects all versions prior to 0.31.0.0 and stems from insufficient input sanitization when creating or editing blog posts combined with unsafe output rendering. Attack requires low-privilege authentication (PR:L) but has scope change (S:C), enabling session hijacking and credential theft across user contexts. Vendor-released patch available in version 0.31.0.0. EPSS and KEV data not provided; no public exploit identified at time of analysis.

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34567 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in CI4MS (CodeIgniter 4 CMS) allows authenticated users with blog post management privileges to inject malicious JavaScript through unsanitized category fields, affecting all users who view blog posts containing the poisoned categories. The vulnerability is confirmed patched in version 0.31.0.0. With CVSS 9.1 (Critical) due to scope change and high confidentiality impact, and low attack complexity requiring only low-privilege authentication, this represents significant risk in multi-user CMS environments despite no confirmed active exploitation (no CISA KEV listing) or public exploit code identified at time of analysis.

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34566 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting (XSS) in CI4MS page management functionality allows authenticated attackers to inject malicious JavaScript that executes in both administrative contexts and public-facing pages. Affecting CI4MS versions prior to 0.31.0.0, this vulnerability requires low-privilege authentication (PR:L) but enables scope change (S:C) with network-based remote exploitation (AV:N) and low attack complexity (AC:L). Vendor-released patch version 0.31.0.0 addresses the input sanitization failures. No public exploit identified at time of analysis; CVSS 9.1 reflects the scope change and cross-context impact enabling privilege escalation and potential administrator session compromise.

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34565 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting (XSS) in CI4MS menu management allows authenticated users with low privileges to inject malicious scripts that execute in administrator and public user contexts. Affecting CI4MS versions prior to 0.31.0.0, attackers can exploit insufficient input sanitization when adding Posts to navigation menus, achieving cross-scope code execution (CVSS scope changed) with potential for session hijacking and administrative account compromise. Vendor-released patch available in version 0.31.0.0. No public exploit identified at time of analysis, though EPSS data not available for risk quantification.

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34564 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in CI4MS menu management allows authenticated attackers to inject malicious scripts that execute in administrative and public contexts with changed scope impact. Affecting all CI4MS versions prior to 0.31.0.0, attackers with low-level privileges can exploit inadequate input sanitization in the Pages-to-navigation-menu workflow to persistently embed DOM-based XSS payloads. CVSS 9.1 (Critical) with scope change (S:C) indicates privilege escalation potential across trust boundaries. Vendor-released patch available in version 0.31.0.0. No public exploit identified at time of analysis, though exploitation probability exists given low attack complexity (AC:L) and no user interaction requirement (UI:N).

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34563 CRITICAL PATCH GHSA Act Now

Stored blind cross-site scripting in CI4MS backup management allows authenticated attackers to inject malicious JavaScript payloads via SQL-backed backup filenames, achieving scope change with high confidentiality impact and low integrity/availability impact. The vulnerability exploits insufficient input sanitization during backup upload processing and unsafe output rendering in administrative views. Vendor-released patch available in version 0.31.0.0. CVSS 9.1 (Critical) with network attack vector, low complexity, and low privilege requirement. No public exploit identified at time of analysis, though EPSS data unavailable for this recently disclosed GitHub-sourced CVE.

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34751 CRITICAL PATCH GHSA Act Now

Account takeover via password reset flow in Payload CMS versions prior to 3.79.1 allows unauthenticated remote attackers to perform actions on behalf of users who initiate password recovery. The vulnerability stems from insufficient input validation and URL construction (CWE-472: External Control of Assumed-Immutable Web Parameter), enabling attackers to intercept or manipulate the password reset process without authentication. Affects all auth-enabled collections using built-in forgot-password functionality. CVSS 9.1 (Critical) with network-accessible, low-complexity exploitation requiring no privileges. EPSS data not available; no public exploit identified at time of analysis, but the GitHub security advisory provides detailed technical context increasing weaponization risk.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34952 CRITICAL PATCH GHSA Act Now

Missing authentication in PraisonAI Gateway 4.5.87 allows remote unauthenticated attackers to hijack AI agent infrastructure via exposed WebSocket endpoints and topology enumeration. The `/ws` WebSocket endpoint and `/info` REST endpoint accept connections without token validation, enabling arbitrary message injection to registered agents and their tool sets. While the GatewayConfig includes an auth_token field, the implementation never enforces it. Publicly available exploit code exists with concrete proof-of-concept demonstrating unauthenticated connection and agent enumeration. EPSS data not available for this recent CVE, but the network-accessible attack vector (AV:N), low complexity (AC:L), and zero authentication requirement (PR:N) combined with working POC code create immediate risk for exposed instances.

Authentication Bypass Python
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34953 CRITICAL PATCH GHSA Act Now

Authentication bypass in PraisonAI MCP server (Python package praisonai) allows remote, unauthenticated attackers to execute arbitrary agents, workflows, and file operations with zero authentication. The OAuthManager.validate_token() method incorrectly returns True for any token when its internal token store is empty (default state), treating all HTTP requests with arbitrary Bearer tokens as authenticated. This grants full access to 50+ registered tools including praisonai.agent.run, praisonai.w

Authentication Bypass Python
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34560 CRITICAL PATCH GHSA Act Now

Blind stored XSS in CI4MS CMS log viewer allows authenticated attackers to execute JavaScript in administrator sessions when reviewing application logs. Affects CI4MS versions prior to 0.31.0.0. The vulnerability enables low-privilege authenticated users to inject malicious payloads that persist in logs and execute when administrators access the logs interface (CVSS 9.1, Critical). EPSS data not available; no public exploit identified at time of analysis, though the attack technique is well-documented in XSS literature.

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34872 CRITICAL PATCH Act Now

Finite-field Diffie-Hellman (FFDH) in Mbed TLS 3.5.x, 3.6.0 through 3.6.5, and TF-PSA-Crypto 1.0 lacks contributory behavior due to improper validation of peer-supplied parameters, allowing an attacker to restrict the shared secret to a small set of predictable values. While the vulnerability does not directly impact TLS (which does not depend on contributory behavior), it poses a significant risk to protocols that do rely on this property, including those where an active network attacker or malicious peer can exploit the weakness. No CVSS score or public exploit code has been assigned at the time of analysis.

Information Disclosure Jwt Attack Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34873 CRITICAL PATCH Act Now

Mbed TLS versions 3.5.0 through 4.0.0 allow client impersonation during TLS 1.3 session resumption, enabling an attacker to assume the identity of a legitimate client when reestablishing a previously negotiated session. The vulnerability affects the session resumption mechanism in TLS 1.3 and permits information disclosure; no CVSS score or exploit status data is currently available from public sources.

Authentication Bypass
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34559 CRITICAL PATCH GHSA Act Now

Stored cross-site scripting in CI4MS blog tag management (versions prior to 0.31.0.0) allows authenticated attackers to inject malicious JavaScript through unsanitized tag name fields, achieving code execution in victim browsers with scope change (CVSS 9.1, S:C). The payload persists server-side and executes on public tag pages and administrative interfaces, enabling session hijacking, credential theft, and administrative account compromise. No public exploit identified at time of analysis, though the attack path is straightforward for authenticated users with tag creation privileges.

XSS Ci4ms
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-15484 CRITICAL PATCH Act Now

Order Notification for WooCommerce WordPress plugin versions before 3.6.3 disable WooCommerce's authentication and permission checks, allowing unauthenticated remote attackers to read and modify all store data including products, coupons, orders, and customer information. This critical authorization bypass affects all WordPress installations using the vulnerable plugin without version restriction, and no public exploit code availability or active exploitation status has been confirmed at time of analysis.

WordPress Authentication Bypass
NVD WPScan
CVSS 3.1
9.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy