Vulnerabilities in MervinPraison
54 results

CVE-2026-34955 | HIGH | PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox | EPSS 0.4%
CVE-2026-40157 | CRITICAL | PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack` | EPSS 0.4%
CVE-2026-44335 | HIGH | SSRF bypass in PraisonAI | EPSS 0.4%
CVE-2026-34953 | CRITICAL | PraisonAI: Authentication Bypass in OAuthManager.validate_token() | EPSS 0.4%
CVE-2026-40116 | HIGH | PraisonAI's Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits | EPSS 0.4%
CVE-2026-44339 | HIGH | PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute | EPSS 0.4%
CVE-2026-40289 | CRITICAL | PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions | EPSS 0.4%
CVE-2026-41496 | HIGH | PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) | EPSS 0.3%
CVE-2026-34936 | HIGH | PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback | EPSS 0.3%
CVE-2026-39308 | HIGH | PraisonAI recipe registry publish path traversal allows out-of-root file write | EPSS 0.3%
CVE-2026-40115 | MEDIUM | PraisonAI has an Unrestricted Upload Size in WSGI Recipe Registry Server Enables Memory Exhaustion DoS | EPSS 0.3%
CVE-2026-39307 | HIGH | PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction | EPSS 0.3%
CVE-2026-39305 | CRITICAL | Arbitrary File Write / Path Traversal in Action Orchestrator | EPSS 0.3%
CVE-2026-40152 | MEDIUM | PraisonAIAgents has a Path Traversal via Unvalidated Glob Pattern in list_files Bypasses Workspace Boundary | EPSS 0.3%
CVE-2026-40313 | CRITICAL | PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence | EPSS 0.3%
CVE-2026-40154 | CRITICAL | PraisonAI Affected by Untrusted Remote Template Code Execution | EPSS 0.3%
CVE-2026-40315 | HIGH | PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries | EPSS 0.3%
CVE-2026-39306 | HIGH | PraisonAI recipe registry pull path traversal writes files outside the chosen output directory | EPSS 0.3%
CVE-2026-40160 | HIGH | PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback | EPSS 0.3%
CVE-2026-40114 | HIGH | PraisonAI has Server-Side Request Forgery via Unvalidated webhook_url in Jobs API | EPSS 0.3%