Total CVEs

145,923

Critical Severity

4,293

High Severity

15,785

Last 7 Days

2,179
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,881 - 23,900 of 42,328 CVEs
CVE-2026-40154 CRITICAL - 9.3

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. This vulnerability is fixed in 4....

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD
CVE-2026-40153 HIGH - 7.4

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line 88) for security. This ...

Vendor: MervinPraison
Product: PraisonAIAgents
Published: Apr 09, 2026
Source: NVD
CVE-2026-40152 MEDIUM - 5.3

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he list_files() tool in FileTools validates the directory parameter against workspace boundaries via _validate_path(), but passes the pattern parameter directly to Path.glob() without any validation. Since Python's Path.glob() sup...

Vendor: MervinPraison
Product: PraisonAIAgents
Published: Apr 09, 2026
Source: NVD
CVE-2026-40151 MEDIUM - 5.3

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents endpoint that returns agent names, roles, and the first 100 characters of agent system instructions to any unauthenticated caller. The AgentOS FastAPI application has no authenticatio...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD
CVE-2026-40150 HIGH - 7.7

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No scheme allowlisting, hostname/IP blocklisting, or private network checks are applied before fetching. T...

Vendor: MervinPraison
Product: PraisonAIAgents
Published: Apr 09, 2026
Source: NVD
CVE-2026-40149 HIGH - 7.9

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is configured (the default). By adding dangerous tool names (e.g., shell_exec, file_write) to the all...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD
CVE-2026-40148 MEDIUM - 6.5

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no checks on individual member sizes, cumulative extracted size, or member count before calling tar.ext...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD
CVE-2026-40117 MEDIUM - 6.2

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path parameter. Unlike file_tools.read_file which enforces workspace boundary confinement, and unlike run_skill_s...

Vendor: MervinPraison
Product: PraisonAIAgents
Published: Apr 09, 2026
Source: NVD
CVE-2026-40116 HIGH - 7.5

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API usin...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD
CVE-2026-40115 MEDIUM - 6.2

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default (no token configu...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD
CVE-2026-40114 HIGH - 7.2

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in the request body with no URL validation. When a submitted job completes (success or failure), the server makes an HTTP POST request to this URL using httpx.AsyncClient. An unauthe...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD
CVE-2026-40113 HIGH - 8.4

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai_model, openai_key, and openai_base without validating that these values do not contain commas. gcloud use...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD
CVE-2026-40112 MEDIUM - 5.4

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The _sanitize_html function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml. Wh...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 09, 2026
Source: NVD

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run() with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell metacharac...

Vendor: MervinPraison
Product: PraisonAIAgents
Published: Apr 09, 2026
Source: NVD
CVE-2026-39848 MEDIUM - 6.5

Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container>...

Vendor: 10ij
Product: dockyard
Published: Apr 09, 2026
Source: NVD
CVE-2026-35646 MEDIUM - 4.8

OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, ena...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 09, 2026
Source: NVD
CVE-2026-35645 HIGH - 8.1

OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers can exploit this by triggering session deletion without a request-scoped client to execute privileged o...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 09, 2026
Source: NVD
CVE-2026-35644 MEDIUM - 6.5

OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attackers can access gateway snapshots via config.get and channels.status endpoints to retrieve sensitive au...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 09, 2026
Source: NVD
CVE-2026-35642 MEDIUM - 4.3

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted.

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 09, 2026
Source: NVD
CVE-2026-35640 MEDIUM - 5.3

OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send malicious webhook requests to trigger denial of service by exhausting server resources through force...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 09, 2026
Source: NVD