2 matches found
CVE-2026-40116 PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...
Information Disclosure
nova is vulnerable to information disclosure. The vulnerability exists as the novncproxy tokens are logged in plaintext when it is sent through the web socket proxy...