PraisonAI 代码问题漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 1.6.32 contained code vulnerabilities. These vulnerabilities stemmed from logical flaws in the URL checking logic, which could allow attackers to bypass the checks and execute...

PraisonAI SQL注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.9 contained an SQL injection vulnerability. This vulnerability stemmed from multiple backends passing table prefixes directly into f-string SQL statements, which could lead ...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained security vulnerabilities. These vulnerabilities stemmed from the MCP integration, which inherited complete environment variables when executing commands provid...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a security vulnerability. This vulnerability stemmed from the automatic loading and execution of the tools.py file located in the working directory, which coul...

PraisonAI 跨站脚本漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a cross-site scripting vulnerability. This vulnerability stemmed from Flask API endpoints rendering HTML, where cleanup operations were ineffective, allowing...

PraisonAI 代码问题漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.115 contained code vulnerabilities; these vulnerabilities stemmed from YAML parsing without disabling dangerous tags, which could lead to remote code execution...

PraisonAI 操作系统命令注入漏洞

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from an operating system command injection vulnerability that stems from the --mcp CLI parameter being passed directly without any validation, whitelist checking, or cleanup, which can be exploited by an...

PandaX 安全漏洞

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A security vulnerability exists in PandaX that stems from incorrect manipulation of the parameter key in the file config.yml, which could lead to the use of hard-coded keys...

PandaX Code Issues Vulnerabilities

PandaX is a Go language open source low-code development framework for enterprise IoT platforms from PandaX Open Source. A code issue vulnerability exists in PandaX version 20240310 and prior versions, which stems from an incorrect manipulation of the parameter file can lead to unrestricted file...

PandaX SQL Injection Vulnerability

PandaX is PandaX open source a Go language open source low-code development framework for enterprise IoT platforms. An SQL injection vulnerability exists in PandaX version 20240310 and earlier versions, which stems from the fact that incorrect manipulation of the parameter roleKey can lead to sql...