3 matches found
CVE-2026-61435 PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing
PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...
CVE-2025-59474
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...
CVE-2025-59474
The connected data confirms CVE-2025-59474 affects Jenkins 2.527 and earlier, and LTS 2.516.2 and earlier, where a missing permission check in the sidepanel allows users lacking Overall/Read to list agent names via the sidepanel executors widget. Root cause: lack of permission enforcement for an ...