Lucene search
K

6 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-42902

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS6.2AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-61444

PRAISONAi before 4.6.78 has a code‑injection vulnerability in deploy/api.py: the agents_file parameter is interpolated into an f-string without sanitization, allowing arbitrary Python code execution when the generated server code runs via subprocess.Popen(). Affected: PraisonAI

9.4CVSS6.2AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

PraisonAI 访问控制错误漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI from 2.5.6 to 4.6.34 contained an access control vulnerability. This vulnerability stemmed from the Flask API server, which disabled authentication by default, allowing callers without a...

7.3CVSS6AI score0.26799EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 3:5 a.m.2 views

CVE-2026-40289

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS5.8AI score0.00356EPSS
Exploits1References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-32592

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.139 Description PraisonAI is a multi-agent teams system that allows arbitrary code execution due to the automatic and unsanitized import of a tools.py file from the current working directory. This occurs when...

8.4CVSS6.3AI score0.00246EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

PraisonAI 信息泄露漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained an information leakage vulnerability. This vulnerability stemmed from the AgentOS deployment platform not implementing authentication, and the default CORS...

5.3CVSS5.8AI score0.00758EPSS
Exploits1References1
Rows per page
Query Builder