Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/03 7:18 a.m.48 views

CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

9.1CVSS0.00435EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.6 views

CVE-2026-34936

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

7.7CVSS5.8AI score0.00337EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/03 10:50 p.m.21 views

CVE-2026-34936 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

7.7CVSS0.00337EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.90 contained security vulnerabilities. These vulnerabilities stemmed from the passthrough and apassthrough functions accepting an apibase parameter controlled by the caller...

7.7CVSS5.8AI score0.00337EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/01 11:21 p.m.4 views

Server-side Request Forgery (SSRF)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.5CVSS5.9AI score0.00337EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 11:21 p.m.6 views

GHSA-X6M9-GXVR-7JPV PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summary passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

7.7CVSS5.9AI score0.00337EPSS
Exploits1References3
OSV
OSV
added 2024/09/13 6:31 p.m.4 views

GHSA-G26J-5385-HHW3 LiteLLM Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery SSRF vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the apibase parameter when making requests to POST /chat/completions, causing the application to send the request to the domain specified by apibase. This request...

8.7CVSS7.2AI score0.37197EPSS
Exploits1References4
Rows per page
Query Builder