Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.3 CRITICAL
CVE-2026-15143 — Guardrails-detectors: guardrails-detectors: ssrf and local file read via user-supplied xm…

A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition (XSD) string, which is processed w…

openshift_ai | Remote | XML External Entity
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.1 MEDIUM
CVE-2026-61492 — JetBrains YouTrack Stored Cross-Site Scripting

In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was possible

youtrack | Remote | Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
5.1 MEDIUM
CVE-2026-61456 — Grav before 1.0.3 Stored XSS via SVG Upload API

The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded through the POST /api/v1/media endpoint. The HandlesMediaUploads::processUploadedFile() method validate…

grav | Remote | Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
7.1 HIGH
CVE-2026-61455 — Grav before 2.0.1 Decompression Bomb via ZipArchiver

Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on uncompressed size, file count, and nesting depth. Attackers can supply a crafted ZIP archi…

grav | Remote | Denial of Service
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
7.1 HIGH
CVE-2026-61450 — Grav before 2.0.2 Config Exfiltration via offsetGet Filter

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user, or anyone able to write to user/pages) to exfiltrate configuration secrets. Although the sandbox repl…

grav | Remote | Information Disclosure
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
9.4 CRITICAL
CVE-2026-61444 — PraisonAI before 4.6.78 Code Injection via f-string

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agents_file parameter is directly interpolated into an f-string without sanitization. Attackers can …

Remote | Injection
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
7.1 HIGH
CVE-2026-61441 — PraisonAI Platform before 0.1.9 Authorization Bypass via Dependencies

PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete p…

Remote | Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.5 HIGH
CVE-2026-61437 — PraisonAI before 1.6.78 Remote Code Execution via tools.py

PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow._resolve_pydantic_class (src/praisonai-agents/praisonaiagents/workflows/work…

| Misconfiguration
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.8 HIGH
CVE-2026-61434 — PraisonAI before 4.6.78 Allowlist Bypass via find -exec

PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that allows attackers to execute restricted commands via find's built-in -exec, -execdir, and -de…

Remote | Injection
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.9 MEDIUM
CVE-2026-61432 — PraisonAI FastContext before 1.6.78 Path Traversal

PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastContext feature (praisonaiagents.context.fast). FastContextAgent.execute_tool() prepends the configured wo…

Remote | Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.8 MEDIUM
CVE-2026-61431 — PraisonAI before 4.6.78 Path Traversal via ContextGatherer

PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to validate include paths in .praisoncontext and .praisoninclude files. Attackers can supply absolute pat…

| Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
7.2 HIGH
CVE-2026-60091 — PraisonAI before 4.6.78 Unauthenticated SSRF via webhook_url

PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in the Jobs API /api/v1/runs endpoint. The webhook_url parameter is validated at request time but re-reso…

Remote | Server-Side Request Forgery
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.9 MEDIUM
CVE-2026-60089 — PraisonAI before 1.6.78 Path Traversal via config.toml

PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a project-local .praisonai/config.toml when constructing an Agent, and does not validate the defaults.output.ou…

| Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
6.9 MEDIUM
CVE-2026-60086 — PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to m…

Remote | Injection
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.1 HIGH
CVE-2026-59796 — JetBrains TeamCity Unauthorized Pipeline Modification Vulnerability

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks

teamcity | Remote | Authorization
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.1 HIGH
CVE-2026-59795 — JetBrains TeamCity Stored Cross-Site Scripting

In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible

teamcity | Remote | Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
7.3 HIGH
CVE-2026-59794 — JetBrains TeamCity Stored Cross-Site Scripting Vulnerability

In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data

teamcity | Remote | Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
8.8 HIGH
CVE-2026-59793 — JetBrains TeamCity Perforce VCS Integration Arbitrary File Access Vulnerability

In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration

teamcity | Remote | Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
9.8 CRITICAL
CVE-2026-59792 — JetBrains IntelliJ IDEA Path Traversal Remote Code Execution

In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID handling was possible

intellij_idea | Remote | Path Traversal
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
3.5 LOW
CVE-2026-59791 — JetBrains YouTrack CSS Injection

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible

youtrack | Remote | Cross-Site Scripting
Jul 10, 2026 Jul 10, 2026
Jul 10, 2026
Jul 10, 2026
Showing 20 of 7382 Results