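PraisonAI product vulnerability list / Chinese-language CVE analysis: 46

46 vulnerabilities related to PraisonAI products, with AI-generated Chinese-language titles and summaries, CVSS scores, and POCs collected in one place.

Vendor: MervinPraison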

| CVE ID | Title | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-39889 | PraisonAI has Unauthenticated SSE Event Stream Exposes All Agent Activity in A2U Server | CWE-200 | 7.5 | High | 2026-04-08 |
| CVE-2026-39307 | PraisonAI has an Arbitrary File Write (Zip Slip) in Templates Extraction | CWE-22 | 8.1 | High | 2026-04-07 |
| CVE-2026-39308 | PraisonAI recipe registry publish path traversal allows out-of-root file write | CWE-22 | 7.1 | High | 2026-04-07 |
| CVE-2026-39306 | PraisonAI recipe registry pull path traversal writes files outside the chosen output directory | CWE-22 | 7.3 | High | 2026-04-07 |
| CVE-2026-39305 | Arbitrary File Write / Path Traversal in Action Orchestrator | CWE-22 | 9.0 | Critical | 2026-04-07 |
| CVE-2026-35615 | PraisonAI has a Path Traversal in FileTools | CWE-22 | 8.1 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-34955 | PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox | CWE-78 | 8.8 | High | 2026-04-03 |
| CVE-2026-34954 | PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL | CWE-918 | 8.6 | High | 2026-04-03 |
| CVE-2026-34953 | PraisonAI: Authentication Bypass in OAuthManager.validate_token() | CWE-863 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-34952 | PraisonAI: Missing Authentication in WebSocket Gateway | CWE-306 | 9.1 | Critical | 2026-04-03 |
| CVE-2026-34939 | PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools() | CWE-1333 | 6.5 | Medium | 2026-04-03 |
| CVE-2026-34938 | PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code | CWE-693 | 10.0 | Critical | 2026-04-03 |
| CVE-2026-34937 | PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution | CWE-78 | 7.8 | High | 2026-04-03 |
| CVE-2026-34936 | PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback | CWE-918 | 7.7 | High | 2026-04-03 |
| CVE-2026-34934 | PraisonAI: Second-Order SQL Injection in `get_all_user_threads` | CWE-89 | 9.8 | Critical | 2026-04-03 |
| CVE-2026-34935 | PraisonAI: OS Command Injection in MCPHandler.parse_mcp_command() | CWE-78 | 9.8 | Critical | 2026-04-03 |

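A total of 46 CVE vulnerabilities have been publicly disclosed for PraisonAI products. This page provides the complete list in reverse chronological order, including CVSS, CWE, AI-generated Chinese-language summaries, and links to available POCs.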