
Vulnerability Database - AI-Enhanced Chinese CVE Platform and Intelligence

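Browse 45+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI POC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.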

Found 45 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40313 | PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence | MervinPraison | PraisonAI | Critical | 9.1 | 2026-04-14 03:10:24 | Deep Dive |
| CVE-2026-40289 | PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions | MervinPraison | PraisonAI | Critical | 9.1 | 2026-04-14 03:05:06 | Deep Dive |
| CVE-2026-40288 | PraisonAI: Critical RCE via `type: job` workflow YAML | MervinPraison | PraisonAI | Critical | 9.8 | 2026-04-14 03:00:22 | Deep Dive |
| CVE-2026-40287 | PraisonAI has RCE via Automatic tools.py Import | MervinPraison | PraisonAI | High | 8.4 | 2026-04-14 02:55:38 | Deep Dive |
| CVE-2026-40315 | PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries | MervinPraison | PraisonAI | Medium | - | 2026-04-14 02:45:34 | Deep Dive |
| CVE-2026-40160 | PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback | MervinPraison | PraisonAIAgents | - | - | 2026-04-10 16:59:10 | Deep Dive |
| CVE-2026-40159 | PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution | MervinPraison | PraisonAI | Medium | 5.5 | 2026-04-10 16:57:12 | Deep Dive |
| CVE-2026-40158 | PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai | MervinPraison | PraisonAI | High | 8.6 | 2026-04-10 16:49:25 | Deep Dive |
| CVE-2026-40157 | PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack` | MervinPraison | PraisonAI | Medium | - | 2026-04-10 16:47:16 | Deep Dive |
| CVE-2026-40156 | PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading | MervinPraison | PraisonAI | High | 7.8 | 2026-04-10 16:46:16 | Deep Dive |
| CVE-2026-40154 | PraisonAI Affected by Untrusted Remote Template Code Execution | MervinPraison | PraisonAI | Critical | 9.3 | 2026-04-09 21:42:35 | Deep Dive |
| CVE-2026-40151 | PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS | MervinPraison | PraisonAI | Medium | 5.3 | 2026-04-09 21:29:47 | Deep Dive |
| CVE-2026-40153 | PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool | MervinPraison | PraisonAIAgents | High | 7.4 | 2026-04-09 21:27:46 | Deep Dive |
| CVE-2026-40152 | PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary | MervinPraison | PraisonAIAgents | Medium | 5.3 | 2026-04-09 21:26:50 | Deep Dive |
| CVE-2026-40150 | PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool | MervinPraison | PraisonAIAgents | High | 7.7 | 2026-04-09 21:26:10 | Deep Dive |
| CVE-2026-40149 | PraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls | MervinPraison | PraisonAI | High | 7.9 | 2026-04-09 21:23:04 | Deep Dive |
| CVE-2026-40148 | PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits | MervinPraison | PraisonAI | Medium | 6.5 | 2026-04-09 21:22:20 | Deep Dive |
| CVE-2026-40117 | PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate | MervinPraison | PraisonAIAgents | Medium | 6.2 | 2026-04-09 21:21:28 | Deep Dive |
| CVE-2026-40116 | PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits | MervinPraison | PraisonAI | High | 7.5 | 2026-04-09 21:20:25 | Deep Dive |
| CVE-2026-40115 | PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS | MervinPraison | PraisonAI | Medium | 6.2 | 2026-04-09 21:19:29 | Deep Dive |