Résumé
Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
Références
Vulnérabilités liées
Tout Supply chain →- HIGHGHSA-7QW2-W5RC-37X2
PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools outside TEMPLATE.yaml
- CRITICALGHSA-P69M-4F92-2V84
PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
- CRITICALGHSA-FQ2M-6WQH-X44G
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
- CRITICALGHSA-365W-HQF6-VXFG
Crawl4AI: Multiple Docker API Vulnerabilities - File Write, SSRF, Auth Bypass, XSS, JS Execution
- CRITICALGHSA-QXJP-W3PJ-48M7
Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
- CRITICALGHSA-V5FF-9Q35-Q26F
Langflow: Unauthenticated RCE in Shareable Playgrounds