CWE-1188
AllowedInitialization of a Resource with an Insecure Default
Abstraction: Base · Status: Incomplete
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
402 vulnerabilities reference this CWE, most recent first.
GHSA-6F2R-5P58-WVRF
Vulnerability from github – Published: 2025-11-04 03:30 – Updated: 2025-11-04 15:31By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections.
{
"affected": [],
"aliases": [
"CVE-2025-35021"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-04T01:15:33Z",
"severity": "MODERATE"
},
"details": "By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections.",
"id": "GHSA-6f2r-5p58-wvrf",
"modified": "2025-11-04T15:31:31Z",
"published": "2025-11-04T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35021"
},
{
"type": "WEB",
"url": "https://support.abilis.net/relnotes/cpx2k/R9.0.html#R9.0.7"
},
{
"type": "WEB",
"url": "https://takeonme.org/cves/cve-2025-35021"
},
{
"type": "WEB",
"url": "https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111111111011111111110000000000000000000000000000000000000000000000000000000100"
},
{
"type": "WEB",
"url": "https://www.runzero.com/advisories/abilis-cpx-authentication-bypass-cve-2025-35021"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6G8Q-HP2J-GVWV
Vulnerability from github – Published: 2026-01-05 20:25 – Updated: 2026-01-08 21:18Impact
Projects using the SUSE Virtualization (Harvester) environment are vulnerable to this exploit if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.
A critical vulnerability has been identified within the SUSE Virtualization interactive installer. This vulnerability allows an attacker to gain unauthorized network access to the host via a remote shell (SSH).
The SUSE Virtualization operating system includes a default administrative login credential intended solely for out-of-band cluster management tasks (for example, perform troubleshooting, device management and system recovery over serial ports). When the interactive installer is used to create or expand a cluster, the installer enables the host's networking functions before the default password is reset. This presents a window of opportunity for an attacker to exploit the default password to gain unauthorized access to the host via SSH.
Please consult the associated MITRE ATT&CK - Technique - Default Credentials for further information about this category of attack.
Patches
This vulnerability is addressed by updating the interactive installer to allow the user to reset the OS default login password, before proceeding to other system configuration screens like the host networking screen and before network connectivity for remote access to the host is actually enabled.
v1.7.0 and later include the necessary security fixes.
Workarounds
For environments that are dependent on the SUSE Virtualization 1.5 and 1.6 interactive installer, users should upgrade the clusters to SUSE Virtualization 1.7 and use the 1.7 installer to manage hosts. These versions allow users to reset the operating system's default administrative password before proceeding to other system configuration screens and before enabling network connectivity for remote host access.
Projects can also perform one of the following workarounds to mitigate the risk:
- If upgrading to v1.7.x is not an option, use the PXE boot mechanism along with a configuration file to define a secure password.
- Apply network security controls to limit access to the server from any untrusted location during bootstrapping. For example, ensure that port 22 is not exposed to the public internet until at least the default login password is changed to a secure value.
Resources
If users have any questions or comments about this advisory: * Reach out to the SUSE Rancher Security team for security related inquiries. * Open an issue in the Harvester repository. * Verify with the support matrix and product support lifecycle.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/harvester/harvester-installer"
},
"ranges": [
{
"events": [
{
"introduced": "1.6.0"
},
{
"last_affected": "1.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/harvester/harvester-installer"
},
"ranges": [
{
"events": [
{
"introduced": "1.5.0"
},
{
"last_affected": "1.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-62877"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-05T20:25:53Z",
"nvd_published_at": "2026-01-08T13:15:41Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nProjects using the SUSE Virtualization (Harvester) environment are vulnerable to this exploit if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the [PXE boot mechanism](https://docs.harvesterhci.io/v1.7/install/pxe-boot-install/) is utilized along with the [Harvester configuration](https://docs.harvesterhci. io/v1.7/install/harvester-configuration) setup.\n\nA critical vulnerability has been identified within the SUSE Virtualization interactive installer. This vulnerability allows an attacker to gain unauthorized network access to the host via a remote shell (SSH).\n\nThe SUSE Virtualization operating system includes a default administrative login credential intended solely for out-of-band cluster management tasks (for example, perform troubleshooting, device management and system recovery over serial ports). When the interactive installer is used to create or expand a cluster, the installer enables the host\u0027s networking functions before the default password is reset. This presents a window of opportunity for an attacker to exploit the default password to gain unauthorized access to the host via SSH. \n\nPlease consult the associated [MITRE ATT\u0026CK - Technique - Default Credentials](https://attack.mitre.org/techniques/T0812/) for further information about this category of attack.\n\n### Patches\n\nThis vulnerability is addressed by updating the interactive installer to allow the user to reset the OS default login password, before proceeding to other system configuration screens like the host networking screen and before network connectivity for remote access to the host is actually enabled. \n\nv1.7.0 and later include the necessary security fixes. \n\n### Workarounds\n\nFor environments that are dependent on the SUSE Virtualization 1.5 and 1.6 interactive installer, users should upgrade the clusters to SUSE Virtualization 1.7 and use the 1.7 installer to manage hosts. These versions allow users to reset the operating system\u0027s default administrative password before proceeding to other system configuration screens and before enabling network connectivity for remote host access.\n\nProjects can also perform one of the following workarounds to mitigate the risk:\n\n* If upgrading to v1.7.x is not an option, use the [PXE boot mechanism](https://docs.harvesterhci.io/v1.7/install/pxe-boot-install/) along with a configuration file to define a secure password. \n* Apply network security controls to limit access to the server from any untrusted location during bootstrapping. For example, ensure that port 22 is not exposed to the public internet until at least the default login password is changed to a secure value.\n\n### Resources\n\nIf users have any questions or comments about this advisory: \n* Reach out to the [SUSE Rancher Security team](https://github.com/harvester/harvester/security/policy) for security related inquiries.\n* Open an issue in the [Harvester](https://github.com/harvester/harvester/issues/new/choose) repository.\n* Verify with the [support matrix](https://www.suse.com/suse-harvester/support-matrix/all-supported-versions/harvester-v1-6-x/) and [product support lifecycle](https://www.suse.com/lifecycle/#suse-virtualization).",
"id": "GHSA-6g8q-hp2j-gvwv",
"modified": "2026-01-08T21:18:48Z",
"published": "2026-01-05T20:25:53Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/harvester/harvester/security/advisories/GHSA-6g8q-hp2j-gvwv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62877"
},
{
"type": "WEB",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-62877"
},
{
"type": "PACKAGE",
"url": "https://github.com/harvester/harvester"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Harvest May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer"
}
GHSA-6HP8-P722-7744
Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 06:30In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user's password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730
{
"affected": [],
"aliases": [
"CVE-2022-20466"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-13T16:15:00Z",
"severity": "MODERATE"
},
"details": "In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, there is a possible way to observe the user\u0027s password on a secondary display due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-179725730",
"id": "GHSA-6hp8-p722-7744",
"modified": "2022-12-15T06:30:30Z",
"published": "2022-12-13T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20466"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6Q6W-QW52-9Q3J
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration.
The vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.
{
"affected": [],
"aliases": [
"CVE-2026-20265"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T18:17:40Z",
"severity": "MODERATE"
},
"details": "In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could cause the Splunk AI Toolkit to make outbound requests over HTTP to a server that an attacker controls, which could allow for data exfiltration. \n\nThe vulnerability exists because of an insecure default domain allowlist in the Splunk AI Toolkit, which does not restrict outbound AI agent requests to approved external domains.",
"id": "GHSA-6q6w-qw52-9q3j",
"modified": "2026-06-17T18:35:57Z",
"published": "2026-06-17T18:35:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20265"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2026-0613"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6RMH-7XCM-CPXJ
Vulnerability from github – Published: 2026-05-11 13:56 – Updated: 2026-05-11 13:56Summary
PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow through /chat without providing a token.
Details
The vulnerable server is the shipped src/praisonai/api_server.py entrypoint.
AUTH_ENABLED = FalseandAUTH_TOKEN = Noneare hard-coded at [src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:15).check_auth()returnsTruewhenever authentication is disabled, so both protected routes fail open by design at [src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:18).POST /chatonly checks that the request JSON contains amessagekey and then runsPraisonAI(agent_file="agents.yaml").run()at [src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:31).GET /agentsis guarded by the same no-op authentication check and returns agent metadata at [src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:55).- When launched directly, the same script binds to
0.0.0.0:8080at src/praisonai/api_server.py.
The deploy subsystem keeps the same insecure authentication default:
APIConfigdefaultsauth_enabledtoFalsein [src/praisonai/praisonai/deploy/models.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/deploy/models.py:23).- The generated sample API deployment YAML recommends
host: 0.0.0.0together withauth_enabled: falsein [src/praisonai/praisonai/deploy/schema.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/deploy/schema.py:108).
For scope clarity: the newer serve agents command is safer by default, because it binds to 127.0.0.1 and supports --api-key in [src/praisonai/praisonai/cli/commands/serve.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/cli/commands/serve.py:155). This report is about the shipped legacy API server and the generated/sample API deployment path above.
Version scope:
v2.5.6already ships the samesrc/praisonai/api_server.pyimplementation.- The current PyPI release on May 1, 2026 is
4.6.33, and it still ships the same unauthenticated server logic.
PoC
The following route-level reproduction was verified locally and proves that the shipped api_server.py exposes /agents and /chat without authentication.
- From the repository root, create a throwaway environment with the server's direct Flask dependencies:
python3 -m venv /tmp/praisonai-ghsa-venv
/tmp/praisonai-ghsa-venv/bin/pip install flask flask-cors
- Execute the shipped
src/praisonai/api_server.pyunder a minimal stub forpraisonai.PraisonAIso only the server auth logic is exercised:
/tmp/praisonai-ghsa-venv/bin/python - <<'PY'
import importlib.util
import pathlib
import sys
import types
stub = types.ModuleType("praisonai")
class DummyPraisonAI:
def __init__(self, agent_file="agents.yaml"):
self.agent_file = agent_file
def run(self):
return {"ran": True, "agent_file": self.agent_file}
stub.PraisonAI = DummyPraisonAI
sys.modules["praisonai"] = stub
path = pathlib.Path("src/praisonai/api_server.py").resolve()
spec = importlib.util.spec_from_file_location("api_server_local", path)
mod = importlib.util.module_from_spec(spec)
spec.loader.exec_module(mod)
client = mod.app.test_client()
print(client.get("/agents").status_code, client.get("/agents").get_data(as_text=True))
print(client.post("/chat", json={"message": "hello"}).status_code, client.post("/chat", json={"message": "hello"}).get_data(as_text=True))
PY
- Observed result:
200 {"agent_file":"agents.yaml","agents":["default"]}
200 {"response":{"agent_file":"agents.yaml","ran":true},"status":"success"}
Both endpoints succeed without any Authorization header.
Impact
Any reachable caller can invoke the legacy API server's protected functionality without a token.
At minimum, this allows:
- unauthenticated enumeration of the configured agent file through
/agents - unauthenticated triggering of the locally configured
agents.yamlworkflow through/chat - repeated consumption of model/API quota and any other side effects performed by that workflow
- exposure of whatever result
PraisonAI.run()returns to the unauthenticated caller
This is not the same as arbitrary prompt injection by itself, because the current /chat handler ignores the submitted message value and simply runs the configured workflow. The impact therefore depends on what the operator's agents.yaml is allowed to do, but the authentication bypass is unconditional in the shipped legacy server.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.6.33"
},
"package": {
"ecosystem": "PyPI",
"name": "PraisonAI"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.6"
},
{
"fixed": "4.6.34"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44338"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-306",
"CWE-668"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T13:56:16Z",
"nvd_published_at": "2026-05-08T14:16:46Z",
"severity": "HIGH"
},
"details": "### Summary\nPraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access `/agents` and trigger the configured `agents.yaml` workflow through `/chat` without providing a token.\n\n### Details\nThe vulnerable server is the shipped `src/praisonai/api_server.py` entrypoint.\n\n- `AUTH_ENABLED = False` and `AUTH_TOKEN = None` are hard-coded at [[src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:15)](/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:15).\n- `check_auth()` returns `True` whenever authentication is disabled, so both protected routes fail open by design at [[src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:18)](/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:18).\n- `POST /chat` only checks that the request JSON contains a `message` key and then runs `PraisonAI(agent_file=\"agents.yaml\").run()` at [[src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:31)](/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:31).\n- `GET /agents` is guarded by the same no-op authentication check and returns agent metadata at [[src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:55)](/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/[src/praisonai/api_server.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:66):55).\n- When launched directly, the same script binds to `0.0.0.0:8080` at [src/praisonai/api_server.py](/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/api_server.py:66).\n\nThe deploy subsystem keeps the same insecure authentication default:\n\n- `APIConfig` defaults `auth_enabled` to `False` in [[src/praisonai/praisonai/deploy/models.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/deploy/models.py:23)](/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/deploy/models.py:23).\n- The generated sample API deployment YAML recommends `host: 0.0.0.0` together with `auth_enabled: false` in [[src/praisonai/praisonai/deploy/schema.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/deploy/schema.py:108)](/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/deploy/schema.py:108).\n\nFor scope clarity: the newer `serve agents` command is safer by default, because it binds to `127.0.0.1` and supports `--api-key` in [[src/praisonai/praisonai/cli/commands/serve.py](https://github.com/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/cli/commands/serve.py:155)](/Users/shmulc/Stuff/tmp/first-cve/scans/variant-hunt/PraisonAI/src/praisonai/praisonai/cli/commands/serve.py:155). This report is about the shipped legacy API server and the generated/sample API deployment path above.\n\nVersion scope:\n\n- `v2.5.6` already ships the same `src/praisonai/api_server.py` implementation.\n- The current PyPI release on May 1, 2026 is `4.6.33`, and it still ships the same unauthenticated server logic.\n\n### PoC\nThe following route-level reproduction was verified locally and proves that the shipped `api_server.py` exposes `/agents` and `/chat` without authentication.\n\n1. From the repository root, create a throwaway environment with the server\u0027s direct Flask dependencies:\n\n```bash\npython3 -m venv /tmp/praisonai-ghsa-venv\n/tmp/praisonai-ghsa-venv/bin/pip install flask flask-cors\n```\n\n2. Execute the shipped `src/praisonai/api_server.py` under a minimal stub for `praisonai.PraisonAI` so only the server auth logic is exercised:\n\n```bash\n/tmp/praisonai-ghsa-venv/bin/python - \u003c\u003c\u0027PY\u0027\nimport importlib.util\nimport pathlib\nimport sys\nimport types\n\nstub = types.ModuleType(\"praisonai\")\n\nclass DummyPraisonAI:\n def __init__(self, agent_file=\"agents.yaml\"):\n self.agent_file = agent_file\n def run(self):\n return {\"ran\": True, \"agent_file\": self.agent_file}\n\nstub.PraisonAI = DummyPraisonAI\nsys.modules[\"praisonai\"] = stub\n\npath = pathlib.Path(\"src/praisonai/api_server.py\").resolve()\nspec = importlib.util.spec_from_file_location(\"api_server_local\", path)\nmod = importlib.util.module_from_spec(spec)\nspec.loader.exec_module(mod)\n\nclient = mod.app.test_client()\nprint(client.get(\"/agents\").status_code, client.get(\"/agents\").get_data(as_text=True))\nprint(client.post(\"/chat\", json={\"message\": \"hello\"}).status_code, client.post(\"/chat\", json={\"message\": \"hello\"}).get_data(as_text=True))\nPY\n```\n\n3. Observed result:\n\n```text\n200 {\"agent_file\":\"agents.yaml\",\"agents\":[\"default\"]}\n200 {\"response\":{\"agent_file\":\"agents.yaml\",\"ran\":true},\"status\":\"success\"}\n```\n\nBoth endpoints succeed without any `Authorization` header.\n\n### Impact\nAny reachable caller can invoke the legacy API server\u0027s protected functionality without a token.\n\nAt minimum, this allows:\n\n- unauthenticated enumeration of the configured agent file through `/agents`\n- unauthenticated triggering of the locally configured `agents.yaml` workflow through `/chat`\n- repeated consumption of model/API quota and any other side effects performed by that workflow\n- exposure of whatever result `PraisonAI.run()` returns to the unauthenticated caller\n\nThis is not the same as arbitrary prompt injection by itself, because the current `/chat` handler ignores the submitted `message` value and simply runs the configured workflow. The impact therefore depends on what the operator\u0027s `agents.yaml` is allowed to do, but the authentication bypass is unconditional in the shipped legacy server.",
"id": "GHSA-6rmh-7xcm-cpxj",
"modified": "2026-05-11T13:56:16Z",
"published": "2026-05-11T13:56:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-6rmh-7xcm-cpxj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44338"
},
{
"type": "PACKAGE",
"url": "https://github.com/MervinPraison/PraisonAI"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution"
}
GHSA-6WX9-JH9R-C86M
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924.
{
"affected": [],
"aliases": [
"CVE-2019-1994"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-28T17:29:00Z",
"severity": "HIGH"
},
"details": "In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924.",
"id": "GHSA-6wx9-jh9r-c86m",
"modified": "2022-05-13T01:21:59Z",
"published": "2022-05-13T01:21:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1994"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2019-02-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106946"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-738Q-MC72-2Q22
Vulnerability from github – Published: 2023-10-10 21:31 – Updated: 2023-10-18 16:20In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
{
"affected": [
{
"package": {
"ecosystem": "Hex",
"name": "mtproto_proxy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-45312"
],
"database_specific": {
"cwe_ids": [
"CWE-1188",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-10T22:28:03Z",
"nvd_published_at": "2023-10-10T21:15:09Z",
"severity": "HIGH"
},
"details": "In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.",
"id": "GHSA-738q-mc72-2q22",
"modified": "2023-10-18T16:20:10Z",
"published": "2023-10-10T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45312"
},
{
"type": "PACKAGE",
"url": "https://github.com/seriyps/mtproto_proxy"
},
{
"type": "WEB",
"url": "https://medium.com/@_sadshade/almost-2000-telegram-proxy-servers-are-potentially-vulnerable-to-rce-since-2018-742a455be16b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "MTProto proxy remote code execution vulnerability"
}
GHSA-73P7-57GM-896G
Vulnerability from github – Published: 2026-02-07 09:32 – Updated: 2026-04-08 18:34The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value.
{
"affected": [],
"aliases": [
"CVE-2026-1675"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-07T09:16:01Z",
"severity": "MODERATE"
},
"details": "The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default value for the secret bypass key created during installation without requiring users to change it. This makes it possible for unauthenticated attackers to bypass the geolocation blocking mechanism by appending the key to any URL on sites where the administrator has not changed the default value.",
"id": "GHSA-73p7-57gm-896g",
"modified": "2026-04-08T18:34:02Z",
"published": "2026-02-07T09:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1675"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L278"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L336"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/advanced-country-blocker/tags/2.3.1/advanced-country-blocking.php#L420"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3455225"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/30747988-83f9-41f9-9bc5-1f533bc4cb94?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-74RW-HCH5-4P5V
Vulnerability from github – Published: 2025-12-08 18:30 – Updated: 2025-12-08 21:30In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48621"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T17:16:18Z",
"severity": "HIGH"
},
"details": "In DefaultTransitionHandler.java, there is a possible way to enable a tapjacking attack due to a insecure default. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.",
"id": "GHSA-74rw-hch5-4p5v",
"modified": "2025-12-08T21:30:21Z",
"published": "2025-12-08T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48621"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/base/+/6d1697c96c5cae5062f6aea58cf2665b7d646cb8"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/native/+/cc34c7b416b964c05a42ae3e9c2929b59b92c64f"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7683-VM2J-M4CC
Vulnerability from github – Published: 2024-12-26 09:30 – Updated: 2024-12-26 09:30shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
{
"affected": [],
"aliases": [
"CVE-2024-56433"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-26T09:15:07Z",
"severity": "LOW"
},
"details": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.",
"id": "GHSA-7683-vm2j-m4cc",
"modified": "2024-12-26T09:30:46Z",
"published": "2024-12-26T09:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433"
},
{
"type": "WEB",
"url": "https://github.com/shadow-maint/shadow/issues/1157"
},
{
"type": "WEB",
"url": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241"
},
{
"type": "WEB",
"url": "https://github.com/shadow-maint/shadow/releases/tag/4.4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.