3 matches found
GHSA-F292-66H9-FPMF PraisonAI Has Unauthenticated SSE Event Stream that Exposes All Agent Activity in A2U Server
The A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. This is a separate component from the gateway server fixed in CVE-2026-34952. The createa2uroutes function registers the following endpoints with NO authentication checks: - GET /a2u/info —...
Malicious code in @zipmex/events-stream-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b626ed2ba8317a3c709a45a9d17f5ef193b73c0b157c6dc10c88a6c9a08cc513 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-794 Malicious code in @zipmex/events-stream-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b626ed2ba8317a3c709a45a9d17f5ef193b73c0b157c6dc10c88a6c9a08cc513 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...