3 matches found
CVE-2026-55641
9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is local by reading the client-controlled Host header, allowing a remote unauthenticated attacker to send Host: localhost and bypass API-key authentication. In the default configuration, this...
CVE-2026-34954 PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any...
One or More Networks Mapped to the same cloud network
Challenge A Replication job targeting Cloud Hosts completes with the following warning: One or more source networks were possibly mapped onto the same cloud network. Simultaneous partial failovers of VMs residing on those networks may result in issues. Cause This warning is displayed when the...