CVE-2026-34936 PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...

GHSA-X6M9-GXVR-7JPV PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback

Summary passthrough and apassthrough in praisonai accept a caller-controlled apibase parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is...

Server-side Request Forgery (SSRF)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer prior to 1.7.1 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated API endpoints that exposed the complete revision history of deleted content, potentially...

EUVD-2010-0745

Malware in sbrugna...

EUVD-2021-2884

Malicious code in bioql PyPI...

Ultimaker 3D printer 跨站请求伪造漏洞

The Ultimaker 3D printer is a series of powerful, professional 3D printers from the Dutch company Ultimaker. A security vulnerability exists in the Ultimaker 3D printer that originates from local web servers hosting APIs that are vulnerable to CSRF attacks. They do not validate incoming requests...