New

CVE-2026-56078: PraisonAI - Arbitrary File Read and Write via Path Traversal in MultiAgentMonitor: PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of service, or code e...

CVE-2026-56077: PraisonAI - Information Disclosure via Shared MultiAgentLedger State: PraisonAI before 1.5.115 contains an information disclosure vulnerability in the MultiAgentLedger component that allows attackers to access sensitive data by registering agents with duplicate IDs. Attackers can exploit the lack of agent ID uniqueness enforcement to share ledger instances and expose system prompts and conversa...

CVE-2026-56076: PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint: PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Sta...

CVE-2026-56075: PraisonAI - Arbitrary Shell Command Execution via Hardcoded Approval Mode Override: PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approval_mode to auto, overriding administrator configuration from PRAISON_APPROVAL_MODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary shell commands ...

CVE-2026-56074: PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching: PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and credentials via subsequent shell comman...

Updated

CVE-2026-41108: Windows DNS Client Elevation of Privilege Vulnerability: Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

CVE-2026-47288: Windows Kerberos Key Distribution Center (KDC) Remote Code Execution: Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.

CVE-2026-45649: Office for Android Spoofing Vulnerability: Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.

CVE-2026-45643: Microsoft Word Remote Code Execution Vulnerability: Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45642: Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability: Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.

CISA Known Exploited Vulnerabilities

CVE-2026-20253 Splunk Enterprise: Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

CVE-2026-48907 Widget Factory Joomla Content Editor: Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.

CVE-2026-54420 LiteSpeed cPanel Plugin: LiteSpeed cPanel plugin contains a UNIX symbolic link (Symlink) following vulnerability that could allow a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS.

CVE-2026-20262 Cisco Catalyst SD-WAN Manager: Cisco Catalyst SD-WAN Manager contains a directory or path traversal vulnerability that could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.

CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools: Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.