CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

PraisonAI 访问控制错误漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 2.5.6 to 4.6.34 contained an access control vulnerability. This vulnerability stemmed from the Flask API server, which disabled authentication by default, allowing callers without a...

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 28.0.1 had security vulnerabilities. These vulnerabilities stemmed from the fact that the LDAP identity backend did not convert user enablement properties in...

CVE-1999-0692

The default configuration of the Array Services daemon arrayd disables authentication, allowing remote users to gain root privileges...