PraisonAI: Webhook signature verification skipped (fail-open) when secret unset

MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery

OpenClaw: Lower-trust background runtime output is injected into trusted

npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation

DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch

PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in

Cursor is a code editor built for programming with AI

SearXNG MCP Server: DNS-resolved Private Hostname SSRF in `web

npm PraisonAI SandboxExecutor network-isolated mode does not block non

PraisonAI: Compute-bridged file tools allow shell command injection

Pi Agent: Potential XSS in HTML session exports via Markdown

PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.show

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak

PraisonAI ships and generates a legacy API server with authentication

wireshark-mcp vulnerable to arbitrary file write via export_objects

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated

OpenClaw's gateway config mutation guard allowed unsafe model-driven

OpenClaw: Webchat audio embedding could read local files without local

OpenClaw: Agent gateway config mutations could change protected operator settings