
MervinPraison — Vulnerabilities & Security Advisories 45

Browse all 45 CVE security advisories affecting MervinPraison. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by MervinPraison: PraisonAI, praisonaiagents, Featured Image

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39308 | PraisonAI recipe registry publish path traversal allows out-of-root file write — PraisonAI, CWE-22 | 7.1 | High | 2026-04-07 |
| CVE-2026-39306 | PraisonAI recipe registry pull path traversal writes files outside the chosen output directory — PraisonAI, CWE-22 | 7.3 | High | 2026-04-07 |
| CVE-2026-39305 | Arbitrary File Write / Path Traversal in Action Orchestrator — PraisonAI, CWE-22 | 9.0 | Critical | 2026-04-07 |
| CVE-2026-35615 | PraisonAI has a Path Traversal in FileTools — PraisonAI, CWE-22 | 8.1 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-34955 | PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox — PraisonAI, CWE-78 | 8.8 | High | 2026-04-03 |
| CVE-2026-34954 | PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL — PraisonAI, CWE-918 | 8.6 | High | 2026-04-03 |
| CVE-2026-34953 | PraisonAI: Authentication Bypass in OAuthManager.validate_token() — PraisonAI, CWE-863 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-34952 | PraisonAI: Missing Authentication in WebSocket Gateway — PraisonAI, CWE-306 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-34939 | PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools() — PraisonAI, CWE-1333 | 6.5 | Medium | 2026-04-03 |
| CVE-2026-34938 | PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code — PraisonAI, CWE-693 | 10.0 | Critical | 2026-04-03 |
| CVE-2026-34937 | PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution — PraisonAI, CWE-78 | 7.8 | High | 2026-04-03 |
| CVE-2026-34936 | PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback — PraisonAI, CWE-918 | 7.7 | High | 2026-04-03 |
| CVE-2026-34934 | PraisonAI: Second-Order SQL Injection in `get_all_user_threads` — PraisonAI, CWE-89 | 9.8 | Critical | 2026-04-03 |
| CVE-2026-34935 | PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command() — PraisonAI, CWE-78 | 9.8 | Critical | 2026-04-03 |
| CVE-2025-12019 | Featured Image <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting — Featured Image, CWE-79 | 4.4 | Medium | 2025-11-11 |

This page lists every published CVE security advisory associated with MervinPraison. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.