Critical Alert 1 Active Exploit Detected Today

CVE-2026-45247 Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability →
Powered by CVE Watchtower
×

CVE Watchtower

Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Data export is locked. Upgrade your package to enable filtering and downloading.

πŸ”” Premium Features
πŸ” Filter Threats
Title
SeverityEPSS (30-Day)
PoCActively ExploitedSourceDate
CVE-2026-47405
### Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate th...
HIGHπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47399
### Summary PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated us...
HIGHπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47407
## Summary The Platform server exposes resources under `/api/v1/workspaces/{workspace_id}/...` and protects them with a `require_workspace_member(wor...
CRITICALπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47408
## Summary **Type:** Insecure Direct Object Reference. The `GET /workspaces/{workspace_id}/issues/{issue_id}/activity` endpoint is gated by `require_...
MEDIUMπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-48169
### Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and proje...
HIGHπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47397
# Bug Report: Arbitrary File Write in Python API ## Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled conten...
HIGHπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47391
## Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes ...
CRITICALπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47394
## Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_s...
HIGHπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47392
## Summary `execute_code()` in `praisonaiagents/tools/python_tools.py` (v1.6.37, subprocess sandbox mode) can be fully bypassed using `print.__self__...
CRITICALπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47395
### Summary PraisonAI's direct-prompt CLI automatically expands `@url:` mentions in raw prompt text before agent execution begins. If a prompt ...
MEDIUMπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47393
### Summary CVE-2026-44338 (GHSA-6rmh-7xcm-cpxj) documents that PraisonAI ships a code-generator (`praisonai.deploy.api.generate_api_server_code`) th...
CRITICALπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47396
### Summary PraisonAI's call server exposes a network-facing agent control API without authentication when `CALL_SERVER_TOKEN` is not configured...
CRITICALπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47390
### Summary PraisonAI's `spider_tools` URL validation can be bypassed using alternate loopback host encodings. The affected component is: ```t...
MEDIUMπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47398
<html><head></head><body><h2>Arbitrary code execution via ungated <code>spec.loader.exec_module</code> in &l...
HIGHπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-9831
A race condition in the shared Extreme Platform ONE IAM Gateway API-key authentication path could, under specific high-concurrency traffic conditions,...
MEDIUMπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47268
#### Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider `webhook` and configure an arbitrary `webhook_ur...
MEDIUMπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47233
## Summary Commit `d37ca6b27b9674238e58491cf7ba292e66898f15` ("Delete item not check admin rights #2024", 2026-04-12) added a missing `isAd...
MEDIUMπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47234
## Summary When debug logging is enabled, `Session::setCookie()` logs full cookie values and `Session::start()` logs the current session ID. In a rea...
MEDIUMπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47232
## Summary The sensitive `mode=export` action in `modules/sso/keys.php` exports a PKCS#12 bundle containing the configured private key and certificat...
MEDIUMπŸ”’ LOCKED??????????NVD5 days ago
CVE-2026-47231
## Summary `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight()` on the URL parameter `folder_uu...
HIGHπŸ”’ LOCKED??????????NVD5 days ago