Summary
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
References
Related vulnerabilities
All Supply chain →- CRITICALGHSA-J4F3-55X4-R6Q2
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
- CRITICALGHSA-892R-P3JQ-JP24
PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
- CRITICALGHSA-X8CV-XMQ7-P8XP
PraisonAI AgentTeam.launch exposes unauthenticated remote agent listing and invocation endpoints
- CRITICALGHSA-365W-HQF6-VXFG
Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution
- MEDIUMGHSA-MPC8-JXJH-QPGH
OpenClaw: Focus command could miss controlScope enforcement
- MEDIUMGHSA-72FW-CQH5-F324
OpenClaw: memory-wiki shared search could miss session visibility checks