4 matches found
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution
Summary: PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /chat without providing a token. Details: The vulnerable server is the shippe...
CVE-2025-65925
An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...
0day RCE in Firefox
This seems like a pretty interesting vulnerability, CVE-2019-17026, in Firefox and Thunderbird on Windows, macOS and Linux. "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this...
SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2018:0846-1)
This update for krb5 provides the following fixes: Security issues fixed: - CVE-2018-5730: DN container check bypass by supplying specially crafted data bsc1083927. - CVE-2018-5729: NULL pointer dereference in kadmind or DN container check bypass by supplying specially crafted data bsc1083926...