Monthly
OpenClaw Client exposes PKCE verifier and stored credentials through unencrypted OAuth authorization URL query strings, allowing remote attackers to disclose authentication data when users initiate OAuth flows. The vulnerability requires user interaction (target must start authorization), has a CVSS score of 5.3 (medium), and affects all versions of OpenClaw Client. No active exploitation has been publicly reported, though the ZDI designation (ZDI-CAN-29381) indicates coordinated disclosure.
PraisonAI before version 4.5.128 exposes sensitive environment variables to untrusted subprocess commands executed through its MCP (Model Context Protocol) integration, enabling credential theft and supply chain attacks when third-party tools like npx packages are invoked. An unauthenticated local attacker with user interaction can trigger MCP commands that inherit the parent process environment, gaining access to API keys, authentication tokens, and database credentials without the knowledge of developers using PraisonAI. The vulnerability is fixed in version 4.5.128.
Information disclosure in code-projects Online Library Management System 1.0 allows unauthenticated remote attackers to access sensitive data from SQL database backup files via the /sql/library.sql component, requiring user interaction (clicking a link or similar action). The vulnerability has a publicly available exploit and carries a CVSS score of 4.3 with an exploit proof-of-concept (E:P) rating, making it a low-to-moderate priority issue with confirmed public discoverability but limited real-world attack surface due to interaction requirements.
PraisonAI AgentOS prior to version 4.5.128 exposes agent metadata including names, roles, and system instruction snippets via an unauthenticated GET /api/agents endpoint accessible from any network origin due to missing authentication middleware and permissive CORS defaults. This information disclosure vulnerability allows remote attackers to enumerate agent configurations without credentials, potentially revealing sensitive operational details that could inform social engineering or reconnaissance attacks against multi-agent deployments.
Directus before 11.17.0 stores sensitive authentication and credential data in plaintext within revision records due to incomplete sanitization of revision snapshots, allowing authenticated users with database access to retrieve user tokens, 2FA secrets, external auth identifiers, and API keys from the directus_revisions table. The vulnerability affects all versions before 11.17.0 and requires low-privilege authenticated access to exploit; no public exploit code or active exploitation has been identified at time of analysis.
Information disclosure in code-projects Patient Record Management System 1.0 allows unauthenticated remote attackers to access sensitive patient data via manipulation of the SQL database backup file (/db/hcpms.sql), with publicly available exploit code and user interaction required. The vulnerability affects the SQL Database Backup File Handler component and has moderate CVSS impact (4.3) but is elevated by public exploit availability and the sensitivity of healthcare data exposure.
Arbitrary file read vulnerability in HashiCorp go-getter library versions up to 1.8.5 enables unauthenticated remote attackers to access sensitive files from the target filesystem through specially crafted git operation URLs. The vulnerability permits confidentiality breach without authentication requirements, affecting network-accessible services utilizing the library for repository cloning or fetching operations. Fixed in version 1.8.6; go-getter/v2 branch unaffected. No public exploit identified at time of analysis.
Unauthenticated information disclosure in Apache DolphinScheduler 3.1.x exposes database credentials and sensitive configuration via unsecured management endpoints. Network-accessible attackers can retrieve authentication secrets without authentication (CVSS vector PR:N), directly compromising backend infrastructure. Affects all 3.1.* releases. No public exploit identified at time of analysis. Vendor remediation available in version 3.2.0.
Code-Projects Movie Ticketing System 1.0 exposes sensitive database information through an unprotected SQL backup file at /db/moviedb.sql, allowing remote unauthenticated attackers to download and read the entire database via simple HTTP request. The vulnerability requires user interaction (UI:P per CVSS4.0) and has a publicly available exploit demonstrating the disclosure technique, though the very low CVSS score of 2.1 reflects limited confidentiality impact in typical deployments.
Unauthenticated information disclosure in PraisonAI's A2U event stream server allows remote attackers to intercept real-time AI agent activity including responses, internal reasoning chains, and tool invocation arguments. The create_a2u_routes() function exposes five endpoints (/a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, /a2u/health) without authentication controls. Attackers subscribe via POST /a2u/subscribe to receive subscription IDs, then stream live Server-Sent Events containing sensitive agent outputs. Affects PraisonAI Python package (pkg:pip/praisonai) versions prior to 4.5.115. No public exploit identified at time of analysis.
OpenClaw Client exposes PKCE verifier and stored credentials through unencrypted OAuth authorization URL query strings, allowing remote attackers to disclose authentication data when users initiate OAuth flows. The vulnerability requires user interaction (target must start authorization), has a CVSS score of 5.3 (medium), and affects all versions of OpenClaw Client. No active exploitation has been publicly reported, though the ZDI designation (ZDI-CAN-29381) indicates coordinated disclosure.
PraisonAI before version 4.5.128 exposes sensitive environment variables to untrusted subprocess commands executed through its MCP (Model Context Protocol) integration, enabling credential theft and supply chain attacks when third-party tools like npx packages are invoked. An unauthenticated local attacker with user interaction can trigger MCP commands that inherit the parent process environment, gaining access to API keys, authentication tokens, and database credentials without the knowledge of developers using PraisonAI. The vulnerability is fixed in version 4.5.128.
Information disclosure in code-projects Online Library Management System 1.0 allows unauthenticated remote attackers to access sensitive data from SQL database backup files via the /sql/library.sql component, requiring user interaction (clicking a link or similar action). The vulnerability has a publicly available exploit and carries a CVSS score of 4.3 with an exploit proof-of-concept (E:P) rating, making it a low-to-moderate priority issue with confirmed public discoverability but limited real-world attack surface due to interaction requirements.
PraisonAI AgentOS prior to version 4.5.128 exposes agent metadata including names, roles, and system instruction snippets via an unauthenticated GET /api/agents endpoint accessible from any network origin due to missing authentication middleware and permissive CORS defaults. This information disclosure vulnerability allows remote attackers to enumerate agent configurations without credentials, potentially revealing sensitive operational details that could inform social engineering or reconnaissance attacks against multi-agent deployments.
Directus before 11.17.0 stores sensitive authentication and credential data in plaintext within revision records due to incomplete sanitization of revision snapshots, allowing authenticated users with database access to retrieve user tokens, 2FA secrets, external auth identifiers, and API keys from the directus_revisions table. The vulnerability affects all versions before 11.17.0 and requires low-privilege authenticated access to exploit; no public exploit code or active exploitation has been identified at time of analysis.
Information disclosure in code-projects Patient Record Management System 1.0 allows unauthenticated remote attackers to access sensitive patient data via manipulation of the SQL database backup file (/db/hcpms.sql), with publicly available exploit code and user interaction required. The vulnerability affects the SQL Database Backup File Handler component and has moderate CVSS impact (4.3) but is elevated by public exploit availability and the sensitivity of healthcare data exposure.
Arbitrary file read vulnerability in HashiCorp go-getter library versions up to 1.8.5 enables unauthenticated remote attackers to access sensitive files from the target filesystem through specially crafted git operation URLs. The vulnerability permits confidentiality breach without authentication requirements, affecting network-accessible services utilizing the library for repository cloning or fetching operations. Fixed in version 1.8.6; go-getter/v2 branch unaffected. No public exploit identified at time of analysis.
Unauthenticated information disclosure in Apache DolphinScheduler 3.1.x exposes database credentials and sensitive configuration via unsecured management endpoints. Network-accessible attackers can retrieve authentication secrets without authentication (CVSS vector PR:N), directly compromising backend infrastructure. Affects all 3.1.* releases. No public exploit identified at time of analysis. Vendor remediation available in version 3.2.0.
Code-Projects Movie Ticketing System 1.0 exposes sensitive database information through an unprotected SQL backup file at /db/moviedb.sql, allowing remote unauthenticated attackers to download and read the entire database via simple HTTP request. The vulnerability requires user interaction (UI:P per CVSS4.0) and has a publicly available exploit demonstrating the disclosure technique, though the very low CVSS score of 2.1 reflects limited confidentiality impact in typical deployments.
Unauthenticated information disclosure in PraisonAI's A2U event stream server allows remote attackers to intercept real-time AI agent activity including responses, internal reasoning chains, and tool invocation arguments. The create_a2u_routes() function exposes five endpoints (/a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, /a2u/health) without authentication controls. Attackers subscribe via POST /a2u/subscribe to receive subscription IDs, then stream live Server-Sent Events containing sensitive agent outputs. Affects PraisonAI Python package (pkg:pip/praisonai) versions prior to 4.5.115. No public exploit identified at time of analysis.