3 matches found
CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server
PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U Agent-to-User event stream server in PraisonAI exposes all agent activity without authentication. The createa2uroutes function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe,...
CVE-2025-31499
Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in FFmpeg. This can be leveraged to possibly achieve remote code execution by anyone with credentials to a low-privileged user. This vulnerability was previously reported in...
PT-2023-31054 · Jellyfin · Jellyfin
Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.8.13 Description: The issue concerns an argument injection in the VideosController, specifically the "/Videos//stream" and "/Videos//stream." endpoints, which are reachable by an unauthenticated user. Additional...