Lucene search
K

6 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-482 PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

Summary The Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the...

9.4CVSS5.8AI score0.00043EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:37 p.m.6 views

CVE-2026-13164

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS6AI score0.00406EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51838

Name of the Vulnerable Software and Affected Versions MailerUp versions prior to 1.0.1 Description Missing authentication for a critical function in the RegisterView apps/accounts/views.py allows a remote, unauthenticated attacker to self-register an account on instances where registration should...

8.8CVSS5.8AI score0.00406EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 10:34 p.m.27 views

PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation

Summary The Platform server exposes resources under /api/v1/workspaces/workspaceid/... and protects them with a requireworkspacememberworkspaceid FastAPI dependency. The dependency only checks that the caller is a member of the workspaceid in the URL prefix. The route handlers then look up the...

5.8AI score0.00043EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45061

Name of the Vulnerable Software and Affected Versions PraisonAI Platform affected versions not specified Description The server contains multiple authorization flaws. First, a cross-tenant Insecure Direct Object Reference IDOR exists because the require workspace member dependency only validates...

9.4CVSS5.8AI score0.00043EPSS
Exploits0References7
NVD
NVD
added 2026/04/03 10:16 p.m.10 views

CVE-2026-34947

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been...

6.9CVSS0.00211EPSS
Exploits0References1
Rows per page
Query Builder