safe metadata only

Stage336 collects public AI/security intelligence metadata without collecting exploit code, attack prompts, payloads, or reproduction instructions.

Generated at: 2026-05-30T05:03:51.353543+00:00

JSON: index.json

| Category | Title | Published | URL |
|---|---|---|---|
| software-advisory | [praisonai-platform] praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id} | 2026-05-29T23:01:59.000Z | source |
| software-advisory | [praisonai-platform] praisonai-platform: Missing authorization on member removal enables full workspace takeover by any user regardless of role | 2026-05-29T22:57:05.000Z | source |
| software-advisory | [praisonai-platform] praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-workspace label IDOR (edit, delete, link) | 2026-05-29T22:51:07.000Z | source |
| software-advisory | [praisonai-platform] praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks | 2026-05-29T22:45:48.000Z | source |
| software-advisory | [praisonai-platform] praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me", allowing token forgery for any user when PLATFORM_ENV is unset | 2026-05-29T22:42:46.000Z | source |
| software-advisory | [praisonai-platform] PraisonAI Platform: Missing role checks let any workspace member become owner and control workspace membership | 2026-05-29T22:42:07.000Z | source |
| software-advisory | [praisonai-platform] PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID | 2026-05-29T22:35:13.000Z | source |
| software-advisory | [praisonai-platform] PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation | 2026-05-29T22:34:29.000Z | source |
| software-advisory | [praisonai-platform] praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership | 2026-05-29T22:34:08.000Z | source |
| software-advisory | [praisonai-platform] PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API | 2026-05-29T22:32:45.000Z | source |
| software-advisory | [PraisonAI] PraisonAI has an Arbitrary File Write in Python API | 2026-05-29T22:31:49.000Z | source |
| software-advisory | [PraisonAI] PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution | 2026-05-29T22:31:26.000Z | source |
| software-advisory | [PraisonAI] PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show, workflow.validate, deploy.validate | 2026-05-29T22:30:58.000Z | source |
| software-advisory | [PraisonAI] PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode) | 2026-05-29T22:30:13.000Z | source |
| software-advisory | [praisonaiagents] PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode) | 2026-05-29T22:30:13.000Z | source |
| software-advisory | [PraisonAI] PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context | 2026-05-29T22:29:47.000Z | source |
| software-advisory | [praisonaiagents] PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context | 2026-05-29T22:29:47.000Z | source |
| software-advisory | [PraisonAI] PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default | 2026-05-29T22:29:20.000Z | source |
| software-advisory | [PraisonAI] PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset | 2026-05-29T22:27:34.000Z | source |
| software-advisory | [PraisonAI] PraisonAI spider_tools SSRF protection bypass via alternate loopback host encodings | 2026-05-29T22:27:09.000Z | source |
| software-advisory | [@steipete/summarize] Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links | 2026-05-18T21:31:51.000Z | source |
| software-advisory | [@steipete/summarize] Summarize contains a missing authorization vulnerability | 2026-05-18T21:31:51.000Z | source |
| software-advisory | [@steipete/summarize] Summarize contains a missing authorization vulnerability | 2026-05-18T21:31:50.000Z | source |
| software-advisory | [@steipete/summarize] Summarize contains a path traversal vulnerability | 2026-05-18T21:31:50.000Z | source |
| software-advisory | [@agenticmail/core] AgenticMail API/storage and outbound relay hardening fixes | 2026-05-29T19:23:29.000Z | source |
| software-advisory | [@agenticmail/api] AgenticMail API/storage and outbound relay hardening fixes | 2026-05-29T19:23:29.000Z | source |
| software-advisory | [parse-server] Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers | 2026-05-29T19:18:01.000Z | source |
| software-advisory | [ngrok] ngrok is Vulnerable to Command Injection | 2026-05-18T18:31:29.000Z | source |
| software-advisory | [vm2] NodeVM observability builtins leak host process and HTTP request data | 2026-05-29T18:20:45.000Z | source |
| software-advisory | [vm2] NodeVM network builtin exclusions bypass via internal _http_client and _http_server | 2026-05-29T18:08:06.000Z | source |
| software-advisory | [vm2] NodeVM builtin denylist bypass via process and inspector/promises allows host code execution | 2026-05-29T17:59:23.000Z | source |
| software-advisory | [exifreader] ExifReader is vulnerable to denial of service via crafted ICC `mluc` tag | 2026-05-29T17:58:37.000Z | source |
| software-advisory | [exifreader] ExifReader is vulnerable to denial of service via unbounded decompression of image metadata | 2026-05-29T17:52:26.000Z | source |
| software-advisory | [vm2] vm2 sandbox escape via JSPI-backed Promise `.finally()` species bypass | 2026-05-29T17:51:05.000Z | source |
| software-advisory | [vm2] vm2 has a CVE-2023-37903 patch bypass: nesting:true without explicit require still allows full RCE | 2026-05-29T17:50:22.000Z | source |
| software-advisory | [vm2] vm2's Bridge Proxy set trap ignores receiver parameter, enabling host object property injection via prototype chain | 2026-05-29T17:49:18.000Z | source |
| software-advisory | [vm2] vm2 has a sandbox escape via unblocked cross-realm Symbol.for keys + missing bridge write-trap symbol checks | 2026-05-29T17:44:32.000Z | source |
| software-advisory | [vm2] vm2 is Vulnerable to Sandbox Breakout Through Promise Species | 2026-05-29T17:40:15.000Z | source |
| research | Physics Is All You Need? A Case Study in Physicist-Supervised AI Development of Scientific Software | 2026-05-28T17:59:59Z | source |
| research | LLMSurgeon: Diagnosing Data Mixture of Large Language Models | 2026-05-28T17:59:53Z | source |
| research | SchGen: PCB Schematic Generation with Semantic-Grounded Code Representations | 2026-05-28T17:59:50Z | source |
| research | Efficient Test-Time Finetuning of LLMs via Convex Reconstruction and Gradient Caching | 2026-05-28T17:59:01Z | source |
| research | Locally Coherent, Globally Incoherent: Bounding Compositional Incoherence in Multi-Component LLM Agents | 2026-05-28T17:58:55Z | source |
| research | Demystifying Data Organization for Enhanced LLM Training | 2026-05-28T17:58:53Z | source |
| research | COMPOSE: Composing Future Theorems from Citations and Formal Structure | 2026-05-28T17:58:42Z | source |
| research | Colored Noise Diffusion Sampling | 2026-05-28T17:58:13Z | source |
| research | SoundnessBench: Can Your AI Scientist Really Tell Good Research Ideas from Bad Ones? | 2026-05-28T17:57:37Z | source |
| research | In-Context Reward Adaptation for Robust Preference Modeling | 2026-05-28T17:56:54Z | source |