Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-48840 Exim 4.88 before 4.99.4, in some proxy configurations, mishandles certain short payloads, leading to disclosure of uninitialized stack memory values t... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47416 Summary: **Type:** Vertical privilege escalation. The `PATCH /workspaces/{workspace_id}/members/{user_id}` endpoint is gated by `require_workspace_... | CRITICAL | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47409 Summary: **Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47414 Summary: **Type:** Insecure Direct Object Reference. Five label endpoints - `PATCH /workspaces/{workspace_id}/labels/{label_id}`, `DELETE .../lab... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47406 Summary: **Type:** Insecure Direct Object Reference. The dependency endpoints (`POST/GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies`... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47410 Summary: **Type:** Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal `"dev-secret-change-me"` ... | CRITICAL | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47405 Summary: PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate th... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47399 Summary: PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated us... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47407 Summary: The Platform server exposes resources under `/api/v1/workspaces/{workspace_id}/...` and protects them with a `require_workspace_member(wor... | CRITICAL | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47408 Summary: **Type:** Insecure Direct Object Reference. The `GET /workspaces/{workspace_id}/issues/{issue_id}/activity` endpoint is gated by `require_... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-48169 Summary: The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and proje... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47397 Bug Report: Arbitrary File Write in Python API. Summary: Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled conten... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47391 Summary: The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes ... | CRITICAL | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47394 Summary: The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_s... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47392 Summary: `execute_code()` in `praisonaiagents/tools/python_tools.py` (v1.6.37, subprocess sandbox mode) can be fully bypassed using `print.__self__... | CRITICAL | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47395 Summary: PraisonAI's direct-prompt CLI automatically expands `@url:` mentions in raw prompt text before agent execution begins. If a prompt ... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47393 Summary: CVE-2026-44338 (GHSA-6rmh-7xcm-cpxj) documents that PraisonAI ships a code-generator (`praisonai.deploy.api.generate_api_server_code`) th... | CRITICAL | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47396 Summary: PraisonAI's call server exposes a network-facing agent control API without authentication when `CALL_SERVER_TOKEN` is not configured... | CRITICAL | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47390 Summary: PraisonAI's `spider_tools` URL validation can be bypassed using alternate loopback host encodings. The affected component is: ... | MEDIUM | LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47398 Arbitrary code execution via ungated `spec.loader.exec_module` in ... | HIGH | LOCKED | ????? | ????? | NVD | 5 days ago |