Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

mervinpraison — Vulnerabilities & Security Advisories 45

Browse all 45 CVE security advisories affecting mervinpraison. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by mervinpraison:PraisonAIpraisonaiagentsFeatured Image
CVE IDTitleCVSSSeverityPublished
CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence — PraisonAICWE-829 9.1 Critical2026-04-14
CVE-2026-40289 PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions — PraisonAICWE-306 9.1 Critical2026-04-14
CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML — PraisonAICWE-78 9.8 Critical2026-04-14
CVE-2026-40287 PraisonAI has RCE via Automatic tools.py Import — PraisonAICWE-94 8.4 High2026-04-14
CVE-2026-40315 PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries — PraisonAICWE-89 8.1 -2026-04-14
CVE-2026-40160 PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback — PraisonAIAgentsCWE-918 7.4AIHighAI2026-04-10
CVE-2026-40159 PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution — PraisonAICWE-200 5.5 Medium2026-04-10
CVE-2026-40158 PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Mechanism Failure in praisonai — PraisonAICWE-94 8.6 High2026-04-10
CVE-2026-40157 PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack` — PraisonAICWE-22 8.1 -2026-04-10
CVE-2026-40156 PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading — PraisonAICWE-94 7.8 High2026-04-10
CVE-2026-40154 PraisonAI Affected by Untrusted Remote Template Code Execution — PraisonAICWE-829 9.3 Critical2026-04-09
CVE-2026-40151 PraisonAI Affected by Unauthenticated Information Disclosure of Agent Instructions via /api/agents in AgentOS — PraisonAICWE-200 5.3 Medium2026-04-09
CVE-2026-40153 PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool — PraisonAIAgentsCWE-526 7.4 High2026-04-09
CVE-2026-40152 PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary — PraisonAIAgentsCWE-22 5.3 Medium2026-04-09
CVE-2026-40150 PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool — PraisonAIAgentsCWE-918 7.7 High2026-04-09
CVE-2026-40149 PraisonAI has an Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls — PraisonAICWE-396 7.9 High2026-04-09
CVE-2026-40148 PraisonAI Affected by Decompression Bomb DoS via Recipe Bundle Extraction Without Size Limits — PraisonAICWE-409 6.5 Medium2026-04-09
CVE-2026-40117 PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate — PraisonAIAgentsCWE-862 6.2 Medium2026-04-09
CVE-2026-40116 PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits — PraisonAICWE-770 7.5 High2026-04-09
CVE-2026-40115 PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS — PraisonAICWE-770 6.2 Medium2026-04-09
CVE-2026-40114 PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API — PraisonAICWE-918 7.2 High2026-04-09
CVE-2026-40113 PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars — PraisonAICWE-88 8.4 High2026-04-09
CVE-2026-40112 PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency) — PraisonAICWE-79 5.4 Medium2026-04-09
CVE-2026-40111 PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py) — PraisonAIAgentsCWE-78 7.8AIHighAI2026-04-09
CVE-2026-40088 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai — PraisonAICWE-78 9.7 Critical2026-04-09
CVE-2026-39891 PraisonAI has a Template Injection in Agent Tool Definitions — PraisonAICWE-94 8.8 High2026-04-08
CVE-2026-39890 PraisonAI Affected by Remote Code Execution via YAML Deserialization in Agent Definition Loading — PraisonAICWE-502 9.8 Critical2026-04-08
CVE-2026-39889 PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server — PraisonAICWE-200 7.5 High2026-04-08
CVE-2026-39888 PraisonAIAgents has a sandbox escape via exception frame traversal in `execute_code` (subprocess mode) — praisonaiagentsCWE-657 10.0 Critical2026-04-08
CVE-2026-39307 PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction — PraisonAICWE-22 8.1 High2026-04-07

This page lists every published CVE security advisory associated with mervinpraison. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.