9 matches found
PYSEC-2026-466 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...
GHSA-86QC-R5V2-V6X6 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset
Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...
PT-2026-45055
Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description The call server exposes a network-facing agent control API without authentication when the CALL SERVER TOKEN environment variable is not configured. This occurs because the verify token...
CVE-2026-31251
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load without enabling the...
CVE-2026-31251
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its gRPC server component. When the server starts, it loads the speech synthesis model from a user-specified directory using torch.load without enabling the...
EUVD-2026-19021
A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpcserver.py of the component gRPC server. Executing a manipulation can lead to deserialization. The attack may be performed from remote. The vendor was contacted early about this...
EUVD-2018-20200
Malware in sbrugna...
Hardcoded credentials
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 CS1K 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges...
CA BrightStor ARCserve 11.5.2.0 (catirpc.dll) RPC Server DoS Exploit
No description provided by source. !/usr/bin/ruby Computer Associates CA Brightstor Backup Remote Procedure Call Server DoS catirpc.dll Catirpc.exe - Provides the endpoint mapper and enables RPC services for BrightStor Backup products. 7c.350: Access violation - code c0000005 !!! second chance !!...