npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
Summary The published npm package praisonai ships dist/tools/utility-tools.js, which exports a shellcommand helper described in source as: text Execute shell command safe version - read-only commands The helper attempts to enforce a safe read-only command allowlist by checking only the first...
GHSA-J4F3-55X4-R6Q2 npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
Summary The published npm package praisonai exports a TypeScript MCPServer that can expose tools, resources, and prompts over an HTTP JSON-RPC transport with: ts await server.start port: 3000 ; The HTTP transport has no authentication or authorization path. MCPServerConfig does not expose an...
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
Summary The published npm package praisonai exports a TypeScript MCPServer that can expose tools, resources, and prompts over an HTTP JSON-RPC transport with: ts await server.start port: 3000 ; The HTTP transport has no authentication or authorization path. MCPServerConfig does not expose an...
npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
Summary The published npm package praisonai ships a TypeScript AgentOS HTTP server that defaults to host: "0.0.0.0" and registers sensitive agent routes without any authentication or authorization middleware. When a developer starts AgentOS, a network attacker who can reach the service can: - rea...
GHSA-9752-MHQH-H34F npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
Summary The published npm package praisonai ships a TypeScript AgentOS HTTP server that defaults to host: "0.0.0.0" and registers sensitive agent routes without any authentication or authorization middleware. When a developer starts AgentOS, a network attacker who can reach the service can: - rea...
PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
Summary The codeMode tool in src/praisonai-ts/src/tools/builtins/code-mode.ts uses new Function with a withsandbox pattern to execute LLM-generated code. The blocklist-based "sandbox" can be trivially bypassed via Function'return this' to recover the global object, followed by global.require with...
GHSA-P69M-4F92-2V84 PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
Summary The codeMode tool in src/praisonai-ts/src/tools/builtins/code-mode.ts uses new Function with a withsandbox pattern to execute LLM-generated code. The blocklist-based "sandbox" can be trivially bypassed via Function'return this' to recover the global object, followed by global.require with...
GHSA-VJV9-7M7J-H833 npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
Summary The published npm package praisonai exports SandboxExecutor, CommandValidator, and sandboxExec as "safe command execution with restrictions." When allowedCommands is configured, CommandValidator checks only the first whitespace-delimited token of the command string. SandboxExecutor then...
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
Summary The published npm package praisonai exports SandboxExecutor, CommandValidator, and sandboxExec as "safe command execution with restrictions." When allowedCommands is configured, CommandValidator checks only the first whitespace-delimited token of the command string. SandboxExecutor then...
GHSA-VMMJ-PFW7-FJWP npm PraisonAI codeMode sandbox escape via Function constructor
Summary The published npm package praisonai exports a TypeScript built-in tool named codeMode. The package describes this tool as executing code in a sandboxed environment, marks its capability as sandbox: true, and registers it through the public tools facade. The implementation does not create ...
npm PraisonAI codeMode sandbox escape via Function constructor
Summary The published npm package praisonai exports a TypeScript built-in tool named codeMode. The package describes this tool as executing code in a sandboxed environment, marks its capability as sandbox: true, and registers it through the public tools facade. The implementation does not create ...
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
Summary The published npm package praisonai exports an MCPSecurity helper described in source as: text MCP Security - Authentication, authorization, and rate limiting Provides security policies for MCP servers. Its AuthMethod type advertises five authentication methods: ts export type AuthMethod ...
GHSA-4QQ2-2J2X-X62C npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
Summary The published npm package praisonai exports an MCPSecurity helper described in source as: text MCP Security - Authentication, authorization, and rate limiting Provides security policies for MCP servers. Its AuthMethod type advertises five authentication methods: ts export type AuthMethod ...
PraisonAI: IMAP Command Injection via Unsanitized Email Search Parameters
Summary The email search tool in src/praisonai-agents/praisonaiagents/tools/emailtools.py constructs IMAP SEARCH commands by interpolating LLM-controlled parameters fromaddr, subject, query directly into IMAP protocol strings using f-string formatting with double-quote delimiters. An attacker who...
GHSA-C969-5X3P-VQ3V PraisonAI: IMAP Command Injection via Unsanitized Email Search Parameters
Summary The email search tool in src/praisonai-agents/praisonaiagents/tools/emailtools.py constructs IMAP SEARCH commands by interpolating LLM-controlled parameters fromaddr, subject, query directly into IMAP protocol strings using f-string formatting with double-quote delimiters. An attacker who...
Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode
Summary When Heimdall operates in proxy mode, it constructs the Forwarded HTTP header after executing the matched rule pipeline by inserting the incoming request's Host header value directly into the header string without sanitizing commas or semicolons. This allows an attacker to inject addition...
GHSA-4JGR-PG2M-M988 Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode
Summary When Heimdall operates in proxy mode, it constructs the Forwarded HTTP header after executing the matched rule pipeline by inserting the incoming request's Host header value directly into the header string without sanitizing commas or semicolons. This allows an attacker to inject addition...
Heimdall: IP Spoofing via Unvalidated Forwarding Headers
Summary When the trustedproxies option is configured, Heimdall extracts client IP addresses from the Forwarded for= parameter and X-Forwarded-For headers and exposes them as Request.ClientIPAddresses to the rule pipeline. However, extracted values are not validated to be syntactically valid IP...
GHSA-38X9-25WX-7FG2 Heimdall: IP Spoofing via Unvalidated Forwarding Headers
Summary When the trustedproxies option is configured, Heimdall extracts client IP addresses from the Forwarded for= parameter and X-Forwarded-For headers and exposes them as Request.ClientIPAddresses to the rule pipeline. However, extracted values are not validated to be syntactically valid IP...
CVE-2026-54419
claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...