Lucene search
K

4 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-465 PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generateapiservercode that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that: -...

9.8CVSS6AI score0.0008EPSS
Exploits0References6
OSV
OSV
added 2026/05/29 10:13 p.m.11 views

GHSA-FP6W-8WPG-74G5 stigmem-node: Auth-disabled deployments may grant broad anonymous access outside loopback

Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a loopback-only local development environment. Impacted users are operators who intentionally disabled authentication while binding the node ...

9.2CVSS5.8AI score
Exploits0References5
The Hacker News
The Hacker News
added 2026/05/14 11:40 a.m.15 views

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI , an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 CVSS score: 7.3, a case of missing...

7.3CVSS5.8AI score0.26799EPSS
Exploits3
Cvelist
Cvelist
added 2026/01/14 11:55 a.m.25 views

CVE-2025-14338 Polkit authentication dis isabled by default in inputplumber

Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005...

8.5CVSS0.00222EPSS
Exploits0References2
Rows per page
Query Builder