Remote code execution in praisonaiagents (all versions through 1.5.113) allows authenticated users to escape the Python subprocess sandbox and execute arbitrary shell commands on the host. The vulnerability exists in the execute_code() tool's sandbox mode, where an incomplete AST attribute blocklist permits frame traversal through exception objects (__traceback__, tb_frame, f_back, f_builtins). Attackers chain these four unblocked attributes to retrieve the real exec builtin from the subprocess wrapper's frame, bypassing all security layers. Exploitation requires low-privilege agent API access and no victim interaction. Confirmed actively exploited (CISA KEV). Publicly available exploit code exists.
Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.0), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.
Vulnerability of improper log information control in the UI framework module. Impact: successful exploitation of this vulnerability may affect service confidentiality. Rated medium severity (CVSS 6.6), this vulnerability requires no authentication and has low attack complexity. No vendor patch available.