3 matches found
GHSA-XCMW-GRXF-WJHJ PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...
PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...
openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)
typo3-cms-45 was updated to version 4.5.34 to fix eight security vulnerabilities and several other bugs. These security problems where fixed : - Add trusted HTTPHOST configuration CVE-2014-3941 - XSS in old extension manager information function CVE-2014-3943 - XSS in new content element wizard...