2 matches found
CVE-2026-40114
creationtimestamp| type| source ---|---|--- 2026-04-09 23:30:43+00:00| seen| Telegram/1cCualjPQDoYUsDnolnQpk7NGC4b1xwJPWps9hRWMxLLCE 2026-04-10 19:28:54+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-8frj-8q3m-xhgm...
CVE-2026-40114
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhookurl in the request body with no URL validation. When a submitted job completes success or failure, the server makes an HTTP POST request to this URL using httpx.AsyncClient. An...