0.0

CVE-2026-5862 -

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

📅 Published: April 8, 2026, 9:20 p.m. 🔄 Last Modified: April 10, 2026, 3:55 a.m.

8.8

CVSS3.1

CVE-2026-5858 - Google Chrome: WebML: Chromium: Google Chrome: Arbitrary code execution via heap buffer overflow in…

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

📅 Published: April 8, 2026, 9:20 p.m. 🔄 Last Modified: April 9, 2026, 8:27 a.m.

5.1

CVSS4.0

CVE-2026-5806 - code-projects Easy Blog Site update.php cross site scripting

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and…

📅 Published: April 8, 2026, 9:15 p.m. 🔄 Last Modified: April 9, 2026, 7:40 p.m.

5.7

CVSS3.1

CVE-2026-39901 - monetr: Protected Transactions Deletable via PUT

monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deletion…

📅 Published: April 8, 2026, 9:02 p.m. 🔄 Last Modified: April 10, 2026, 8:55 p.m.

9

CVSS3.1

CVE-2026-39860 - Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typically the Nix daemon running as root in multi-user installations) by following symlinks during fixed-out…

📅 Published: April 8, 2026, 8:58 p.m. 🔄 Last Modified: April 8, 2026, 8:58 p.m.

6.9

CVSS4.0

CVE-2026-39892 - cryptography has a buffer overflow if non-contiguous buffers were passed to APIs

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in…

📅 Published: April 8, 2026, 8:49 p.m. 🔄 Last Modified: April 9, 2026, 7:52 p.m.

8.8

CVSS3.1

CVE-2026-39891 - PraisonAI has a Template Injection in Agent Tool Definitions

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly into these tools without escaping, template expressions…

📅 Published: April 8, 2026, 8:46 p.m. 🔄 Last Modified: April 8, 2026, 8:46 p.m.

9.8

CVSS3.1

CVE-2026-39890 - PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, ex…

📅 Published: April 8, 2026, 8:45 p.m. 🔄 Last Modified: April 9, 2026, 4:16 p.m.

7.5

CVSS3.1

CVE-2026-39889 - PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe, /a2u/ev…

📅 Published: April 8, 2026, 8:44 p.m. 🔄 Last Modified: April 10, 2026, 8:54 p.m.

10

CVSS3.1

CVE-2026-39888 - PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mo…

PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based blocklist. The AST blocklist embedded inside the subp…

📅 Published: April 8, 2026, 8:41 p.m. 🔄 Last Modified: April 9, 2026, 8:21 p.m.