Lucene search
K

1030 matches found

NVD
NVD
added yesterday6 views

CVE-2026-61427

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

7.3CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-61435

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS
Exploits0References4
Cvelist
Cvelist
added yesterday6 views

CVE-2026-61435 PraisonAI before 4.6.78 Authentication Bypass via Host Header Spoofing

PraisonAI before 4.6.78 contains an authentication bypass in the Call API agent invocation endpoints src/praisonai/praisonai/api/agentinvoke.py when PRAISONAICALLAUTH=disabled is configured. The safeguard intended to restrict the disabled-auth opt-out to localhost binding derives the bind host fr...

8.8CVSS
Exploits0References4
EUVD
EUVD
added yesterday3 views

EUVD-2026-44638

PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport without authentication by default: the CLI --api-key option defaults to None, and the server only enforces Authorization/Bearer checks when an API key is configured. When an operator runs 'praisonai mcp serve --transport http-stream'...

7.3CVSS6.1AI score
Exploits0References2
PyPA
PyPA
added 3 days ago6 views

PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

SummaryThe approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely. Combin...

6.8CVSS6.3AI score0.00116EPSS
Exploits0References7Affected Software1
OSV
OSV
added 3 days ago3 views

PYSEC-2026-2946 PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Summary The approval system in PraisonAI Agents caches tool approval decisions by tool name only, not by invocation arguments. Once a user approves executecommand for any command e.g., ls -la, all subsequent executecommand calls in that execution context bypass the approval prompt entirely...

5.5CVSS6.3AI score0.00116EPSS
Exploits0References7
Cvelist
Cvelist
added last week31 views

CVE-2026-54771 Langroid: handle_message() executes user-supplied tool JSON without sender verification

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...

8.1CVSS0.00392EPSS
Exploits0References1
CVE
CVE
added last week9 views

CVE-2026-54771

Langroid prior to 0.65.3 is affected. A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Root cause: the tool dispatch path in agent_response → handle_message → get...

8.1CVSS5.9AI score0.00392EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/07/06 8:42 p.m.5 views

Langroid: handle_message() executes user-supplied tool JSON without sender verification

Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enablemessage..., use=False, handle=True only prevents the LLM from being instructed to generate...

8.1CVSS6AI score0.00392EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 8:42 p.m.3 views

GHSA-GJGQ-W2M6-WR5Q Langroid: handle_message() executes user-supplied tool JSON without sender verification

Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enablemessage..., use=False, handle=True only prevents the LLM from being instructed to generate...

8.1CVSS6AI score0.00392EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 7:46 a.m.18 views

CVE-2026-40047

CVE-2026-40047 concerns Apache Camel’s camel-docling: Insufficient validation of custom CLI arguments allows argument injection and path traversal in DoclingProducer. The issue arises when unvalidated values in CamelDoclingCustomArguments (or path-bearing headers) reach the external docling tool ...

9.1CVSS5.9AI score0.01569EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.16 views

PT-2026-56064

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.3 Description An application using this framework that exposes a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads. This occurs even when tools are registered with use=Fals...

8.1CVSS6AI score0.00392EPSS
Exploits0References14
NVD
NVD
added 2026/07/05 3:16 p.m.8 views

CVE-2026-12250

Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...

7.9CVSS0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/05 2:27 p.m.9 views

EUVD-2026-41762

Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4...

7.9CVSS5.9AI score0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/07/05 2:27 p.m.19 views

CVE-2026-12250

The CVE-2026-12250 entry concerns Pardus Domain Joiner (TUBITAK BILGEM Software Technologies Research Institute). A vulnerability described as an Invocation of process using visible sensitive information could allow Excavation (data exposure). Affected version range: Pardus Domain Joiner 0.5.2 pr...

7.9CVSS5.9AI score0.00106EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.13 views

PT-2026-55801

Name of the Vulnerable Software and Affected Versions Pardus Domain Joiner versions 0.5.2 through 0.5.3 Description A flaw in the software allows the invocation of a process using visible sensitive information, which can lead to excavation of data. Recommendations Update Pardus Domain Joiner to...

7.9CVSS5.9AI score0.00106EPSS
Exploits0References6
OSV
OSV
added 2026/07/04 12:58 a.m.1 views

CVE-2026-12252 Untrusted JAR Code Execution in Multiple Stanford Interface Classes in nltk/nltk

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute...

7.8CVSS7.4AI score0.00158EPSS
Exploits1References3
NVD
NVD
added 2026/07/01 10:16 p.m.6 views

CVE-2026-54712

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

7.5CVSS0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:17 p.m.7 views

CVE-2026-54712

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 9:17 p.m.38 views

CVE-2026-54712 OpenTelemetry Javaagent RMI context propagation allows resource exhaustion

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

5.3CVSS0.00263EPSS
Exploits0References1
Rows per page
Query Builder