2026-04-14 04:17Z · CRIT

CVE-2026-40313 — PraisonAI: In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40313

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) into the .git/config file for persistence, and if any subsequent workflow step uploads artifacts (build outputs, logs, test results, etc.),

CVSS v3.1 9.1 (CRITICAL)
CWE 829 · VND: Praisonai · TYP: Vulnerability · Score: 96
2026-04-14 04:17Z · CRIT

CVE-2026-40289 — PraisonAI: In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40289

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket endpoint. The server binds to 0.0.0.0 by default and only validates the Origin header when one is present, meaning any non-browser client that omits the header is accepted without rest

CVSS v3.1 9.1 (CRITICAL)
CWE 306 · VND: Praisonai · TYP: Vulnerability · Score: 96
2026-04-14 04:17Z · CRIT

CVE-2026-40288 — PraisonAI: In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40288

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run <file.yaml> loads a YAML file with type: job, the JobWorkflowExecutor in job_workflow.py processes steps that support run: (shell commands via subprocess.run()), script: (inline Python via exec()), and python: (arbitrary Python script e

CVSS v3.1 9.8 (CRITICAL)
CWE 94, CWE 78 · VND: Praisonai · TYP: Vulnerability · Score: 99
2026-04-14 04:17Z · HIGH

CVE-2026-40287 — PraisonAI: Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40287

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (import_tools_from_file()), tool_resolver.py (_load_local_tools()), and CLI tool-loading paths blindly import ./tools.py at startup without any validation, sandboxing, or user confirmation. An attacker who can place a malicious tools.py in the dir

CVSS v3.1 8.4 (HIGH)
CWE 94, CWE 426 · VND: Praisonai · TYP: Vulnerability · Score: 92
2026-04-14 03:16Z · CRIT

CVE-2026-6264 — Talend: A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client authentication for the monitoring port; however, the patch must be applied for full mitigation. For Talend ESB Runtime, the vulnerability can be mitigated by disabling the JobServer JM

CVSS v3.1 9.8 (CRITICAL)
VND: Talend · TYP: Vulnerability · Score: 99
2026-04-14 02:16Z · CRIT

CVE-2026-4365 — LearnPress: The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-4365

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in public frontend HTML (`lpData`) to unauthenticated visitors, and uses that nonce as the only security gate for the `lp-load-ajax` AJAX dispatcher. The `delete_question_answer` action has no capability or ownership check. This makes it p

CVSS v3.1 9.1 (CRITICAL)
CWE 862 · VND: Learnpress · TYP: Vulnerability · Score: 96
2026-04-14 00:16Z · CRIT

CVE-2026-27681 — Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-27681

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.

CVSS v3.1 9.9 (CRITICAL)
CWE 89 · TYP: Vulnerability · Score: 100
2026-04-14 00:00Z · CRIT

Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT

Elastic Security Labs · elastic.co · in the wild

Elastic Security Labs disclosed a novel supply-chain attack leveraging Obsidian's legitimate community plugin ecosystem to deliver PhantomPulse, a previously undocumented AI-generated RAT. Threat actors conduct social engineering via LinkedIn and Telegram, posing as venture capital firms, to trick targets in financial/crypto sectors into enabling community plugin sync on a malicious Obsidian vault, triggering silent code execution via the Shell Commands plugin. The Windows attack chain employs multi-stage reflective loading with AES-256-CBC encryption, timer-queue callbacks, and blockchain-based C2 resolution via Ethereum transaction data; a critical weakness in the C2 mechanism allows third parties to hijack implants by submitting competing transactions to the monitored wallet.

SRF: Application, Os · TAC: TA0005, TA0001, TA0002, TA0007, TA0003, TA0011 · Score: 88
2026-04-13 22:16Z · CRIT

CVE-2026-22564 — Access: An Improper Access Control vulnerability could allow a malicious actor with access to the

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier)
Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later

CVSS v3.1 9.8 (CRITICAL)
CWE 284 · VND: Access · TYP: Vulnerability · Score: 99
2026-04-13 22:16Z · CRIT

CVE-2026-22563 — Input: A series of Improper Input Validation vulnerabilities could allow a Command Injection by a

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22563

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.
Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier)
Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later

CVSS v3.1 9.8 (CRITICAL)
CWE 20 · VND: Input · TYP: Vulnerability · Score: 99
2026-04-13 22:16Z · CRIT

CVE-2026-22562 — A malicious actor with access to the UniFi Play network could exploit a Path

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-22562

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).
Affected Products: UniFi Play PowerAmp (Version 1.0.35 and earlier); UniFi Play Audio Port (Version 1.0.24 and earlier)
Mitigation: Update UniFi Play PowerAmp to Version 1.0.38 or later; update UniFi Play Audio Port to Version 1.1.9 or later

CVSS v3.1 9.8 (CRITICAL)
CWE 22 · TYP: Vulnerability · Score: 99
2026-04-13 22:00Z · INFO

BSIM explained once and for all!

Quarkslab · blog.quarkslab.com

Quarkslab publishes a comprehensive technical deep-dive into Ghidra's BSIM (Behavioral Similarity) algorithm, reverse-engineering its previously undocumented internals. The post covers P-code lifting, normalization, Weisfeiler-Lehman graph hashing, TF-IDF weighting, and cosine similarity comparison used to identify semantically equivalent binary functions across compilers and architectures.

SRF: Application · VND: Ghidra · TYP: Research, Writeup · STG: Discovery · TEC: T1518 · Score: 72
2026-04-13 20:16Z · CRIT

CVE-2026-31048 — An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-31048

An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message.

CVSS v3.1 9.8 (CRITICAL) · EPSS 25th percentile
CWE 94 · TYP: Vulnerability · Score: 99
2026-04-13 19:16Z · HIGH

CVE-2026-6200 — Tenda: This manipulation of the argument menufacturer/Go causes stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6200

A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

CVSS v3.1 8.8 (HIGH)
CWE 121, CWE 119 · VND: Tenda · TYP: Vulnerability · Score: 94
2026-04-13 19:16Z · HIGH

CVE-2026-6199 — Tenda: The manipulation of the argument page results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6199

A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used.

CVSS v3.1 8.8 (HIGH)
CWE 121, CWE 119 · VND: Tenda · TYP: Vulnerability · Score: 94
2026-04-13 19:16Z · HIGH

CVE-2026-6198 — The manipulation of the argument page leads to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6198

A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS v3.1 8.8 (HIGH)
CWE 121, CWE 119 · TYP: Vulnerability · Score: 94
2026-04-13 19:16Z · HIGH

CVE-2026-6197 — Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6197

A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used.

CVSS v3.1 8.8 (HIGH)
CWE 121, CWE 119 · TYP: Vulnerability · Score: 94
2026-04-13 19:16Z · CRIT

CVE-2026-40044 — Pachno: 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40044

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, which are unserialized during framework bootstrap before authentication checks occur.

CVSS v3.1 9.8 (CRITICAL)
CWE 502 · VND: Pachno · TYP: Vulnerability · Score: 99
2026-04-13 19:16Z · CRIT

CVE-2026-40042 — Pachno: 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40042

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions, comments, and wiki articles to trigger entity resolution via simplexml_load_string() without LIBXML_NONET restrictions.

CVSS v3.1 9.8 (CRITICAL)
CWE 403 · VND: Pachno · TYP: Vulnerability · Score: 99
2026-04-13 19:16Z · HIGH

CVE-2026-40040 — Pachno: 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-40040

Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering on the /uploadfile endpoint. Attackers can upload executable .php5 scripts to web-accessible directories and execute them to achieve remote code execution on the server.

CVSS v3.1 8.8 (HIGH)
CWE 434 · VND: Pachno · TYP: Vulnerability · Score: 94
2026-04-13 19:16Z · HIGH

CVE-2026-29955 — Cloudark Kubeplus: The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-29955

The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value.

CVSS v3.1 8.8 (HIGH) · EPSS 25th percentile
CWE 94 · VND: Cloudark, Kubeplus · TYP: Vulnerability · Score: 94
2026-04-13 19:00Z · INFO

BloodHound 9.0 — Product Updates

SpecterOps · specterops.io

SpecterOps released BloodHound 9.0, expanding attack path analysis beyond Active Directory to SaaS platforms including Okta, Jamf, and GitHub via OpenGraph extensions. The release introduces OpenHound (a standardized data collection framework), Environment Targeted Access Control (ETAC) for multi-tenant deployments, and improved graph visualization and query capabilities.

SRF: Application, Identity, Cloud · TAC: TA0007, TA0008 · VND: Bloodhound, Specterops · TYP: Tool · Score: 72
2026-04-13 18:16Z · HIGH

CVE-2026-6196 — Tenda: Performing a manipulation of the argument cmdinput results in stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6196

A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used.

CVSS v3.1 8.8 (HIGH)
CWE 121, CWE 119 · VND: Tenda · TYP: Vulnerability · Score: 94
2026-04-13 18:16Z · CRIT

CVE-2026-6195 — Such manipulation of the argument admpass leads to os command injection.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6195

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

CVSS v3.1 9.8 (CRITICAL)
CWE 77, CWE 78 · TYP: Vulnerability · Score: 99
2026-04-13 18:16Z · HIGH

CVE-2026-6194 — This manipulation of the argument wan-url causes stack-based buffer overflow.

NVD (auto-promoted CVEs) · nvd.nist.gov · CVE-2026-6194

A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

CVSS v3.1 8.8 (HIGH)
CWE 121, CWE 119 · TYP: Vulnerability · Score: 94