CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

GHSA-86QC-R5V2-V6X6 PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

Summary PraisonAI's call server exposes a network-facing agent control API without authentication when CALLSERVERTOKEN is not configured. The affected component is the praisonai.api.agentinvoke router as mounted by praisonai.api.call. The authentication helper verifytoken fails open when...

9.8CVSS5.8AI score

Exploits0References2

Github Security Blog•added 6 days ago•18 views

PraisonAI call server exposes unauthenticated agent listing, invocation, and deletion when CALL_SERVER_TOKEN is unset

5.8AI score

Exploits0References2Affected Software1

Snyk•added 2026/04/10 7:24 p.m.•1 views

Missing Authentication for Critical Function

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the listagents function. An attacker can access sensitive agent names, roles, and partial...

6.9CVSS5.8AI score0.0006EPSS

Exploits1References2

Veracode•added 2026/02/09 7:31 a.m.•2 views

Authentication Bypass

Keylime is vulnerable to an Authentication Bypass. The vulnerability is due to missing enforcement of client-side TLS authentication in the Keylime registrar, allowing unauthenticated clients with network access to perform administrative operations such as listing agents, retrieving public TPM...

9.8CVSS5.5AI score0.00026EPSS

Exploits0References9Affected Software1

RedHat Linux•added 2026/02/09 2:49 a.m.•0 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

A flaw was found in Keylime. The Keylime registrar, since version 7.12.0, does not enforce client-side Transport Layer Security TLS authentication. This authentication bypass vulnerability allows unauthenticated clients with network access to perform administrative operations, including listing...

9.8CVSS5.7AI score0.00026EPSS

Exploits0References4

RedHat Linux•added 2026/02/09 1:32 a.m.•2 views

keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication

9.8CVSS5.7AI score0.00026EPSS

Exploits0References4

OSV•added 2026/02/06 8:16 p.m.•4 views

PYSEC-2026-74

9.8CVSS5.8AI score0.00026EPSS

Exploits0References5

PyPA•added 2026/02/06 8:16 p.m.•4 views

PYSEC-2026-74

9.8CVSS5.7AI score0.00026EPSS

Exploits0References5Affected Software1

UbuntuCve•added 2026/02/06 8:16 p.m.•3 views

CVE-2026-1709

9.8CVSS5.8AI score0.00026EPSS

Exploits0References3

ATTACKERKB•added 2026/02/06 7:13 p.m.•2 views

CVE-2026-1709

9.4CVSS5.4AI score0.00026EPSS

Exploits0References6

Vulnrichment•added 2026/02/06 7:13 p.m.•2 views

CVE-2026-1709 Keylime: keylime: authentication bypass allows unauthorized administrative operations due to missing client-side tls authentication

9.4CVSS5.4AI score0.00026EPSS

Exploits0References5

EUVD•added 2026/02/06 7:13 p.m.•2 views

EUVD-2026-5599

9.4CVSS5.3AI score0.00026EPSS

Exploits0References2

VulnCheck KEV•added 2025/10/17 12:0 a.m.•2 views

VulnCheck KEV: CVE-2025-59474

Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check in the sidepanel of a page intentionally accessible to users lacking Overall/Read permission, allowing attackers without Overall/Read permission to list agent names through its sidepanel executors widget...

5.3CVSS5.8AI score0.00111EPSS

In wildExploits0References22

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by