Advanced Threat Data Export
Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.
Data export is locked. Upgrade your package to enable filtering and downloading.
π Premium Features
π Filter Threats
| Title | Severity | EPSS (30-Day) | PoC | Actively Exploited | Source | Date |
|---|---|---|---|---|---|---|
| CVE-2026-47405 ### Summary
PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate th... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47399 ### Summary
PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated us... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47407 ## Summary
The Platform server exposes resources under `/api/v1/workspaces/{workspace_id}/...` and protects them with a `require_workspace_member(wor... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47408 ## Summary
**Type:** Insecure Direct Object Reference. The `GET /workspaces/{workspace_id}/issues/{issue_id}/activity` endpoint is gated by `require_... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-48169 ### Summary
The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and proje... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47397 # Bug Report: Arbitrary File Write in Python API
## Summary
Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled conten... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47391 ## Summary
The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain:
1. The example exposes ... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47394 ## Summary
The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in `mcp_s... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47392 ## Summary
`execute_code()` in `praisonaiagents/tools/python_tools.py` (v1.6.37, subprocess sandbox mode) can be fully bypassed using `print.__self__... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47395 ### Summary
PraisonAI's direct-prompt CLI automatically expands `@url:` mentions in raw prompt text before agent execution begins.
If a prompt ... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47393 ### Summary
CVE-2026-44338 (GHSA-6rmh-7xcm-cpxj) documents that PraisonAI ships a code-generator (`praisonai.deploy.api.generate_api_server_code`) th... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47396 ### Summary
PraisonAI's call server exposes a network-facing agent control API without authentication when `CALL_SERVER_TOKEN` is not configured... | CRITICAL | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47390 ### Summary
PraisonAI's `spider_tools` URL validation can be bypassed using alternate loopback host encodings.
The affected component is:
```t... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47398 <html><head></head><body><h2>Arbitrary code execution via ungated <code>spec.loader.exec_module</code> in &l... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-9831 A race condition in the shared Extreme Platform
ONE IAM Gateway API-key authentication path could, under specific
high-concurrency traffic conditions,... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47268 #### Summary
An authenticated Nezha dashboard user can create or update a DDNS profile with provider `webhook` and configure an arbitrary `webhook_ur... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47233 ## Summary
Commit `d37ca6b27b9674238e58491cf7ba292e66898f15` ("Delete item not check admin rights #2024", 2026-04-12) added a missing `isAd... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47234 ## Summary
When debug logging is enabled, `Session::setCookie()` logs full cookie values and `Session::start()` logs the current session ID. In a rea... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47232 ## Summary
The sensitive `mode=export` action in `modules/sso/keys.php` exports a PKCS#12 bundle containing the configured private key and certificat... | MEDIUM | π LOCKED | ????? | ????? | NVD | 5 days ago |
| CVE-2026-47231 ## Summary
`modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight()` on the URL parameter `folder_uu... | HIGH | π LOCKED | ????? | ????? | NVD | 5 days ago |