Total CVEs: 141,292
Critical Severity: 3,799
High Severity: 13,738
Last 7 Days: 1,823

Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,301 - 8,320 of 37,697 CVEs
CVE-2026-5071 MEDIUM - 6.1

The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socketcan_to_can_frame(). In production builds where assertions are disabled, a userspace application that...

Published: May 30, 2026
Source: NVD

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

Vendor: sambitraj
Product: STUDENT-MANAGEMENT-SYSTEM
Published: May 30, 2026
Source: NVD
CVE-2026-10111 HIGH - 7.3

A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The proje...

Vendor: sambitraj
Product: STUDENT-MANAGEMENT-SYSTEM
Published: May 30, 2026
Source: NVD
CVE-2026-10110 HIGH - 7.3

A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may ...

Vendor: code-projects
Product: Student Details Management System
Published: May 30, 2026
Source: NVD
CVE-2026-48840 MEDIUM - 5.3

Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values to a client.

Vendor: Exim
Product: Exim
Published: May 30, 2026
Source: NVD
CVE-2026-47416 CRITICAL - 9.6

praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub
CVE-2026-47409 HIGH - 8.1

praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub
CVE-2026-47414 HIGH - 7.6

praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link)

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub
CVE-2026-47406 HIGH - 8.1

praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub
CVE-2026-47410 CRITICAL - 9.8

praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub
CVE-2026-47405 HIGH - 8.8

PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub
CVE-2026-47399 HIGH - 8.8

PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub

PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub
CVE-2026-47408 MEDIUM - 6.5

praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub
CVE-2026-48169 HIGH - 8.8

PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API

Vendor: pip
Product: praisonai-platform
Published: May 29, 2026
Source: GitHub

PraisonAI has an Arbitrary File Write in Python API

Vendor: pip
Product: PraisonAI
Published: May 29, 2026
Source: GitHub
CVE-2026-47391 CRITICAL - 9.8

PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

Vendor: pip
Product: PraisonAI
Published: May 29, 2026
Source: GitHub

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate

Vendor: pip
Product: PraisonAI
Published: May 29, 2026
Source: GitHub
CVE-2026-47392 CRITICAL - 9.9

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Vendor: pip
Product: praisonaiagents
Published: May 29, 2026
Source: GitHub
CVE-2026-47395 MEDIUM - 5.5

PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context

Vendor: pip
Product: praisonaiagents
Published: May 29, 2026
Source: GitHub