Api-Exploitation

A remote, unauthenticated attacker can exploit an unpatched Server-Side Request Forgery (SSRF) vulnerability in Crawl4AI Docker API versions up to 0.8.9, specifically targeting the `/crawl/stream` endpoint, to read internal network services and cloud-metadata endpoints, potentially exposing sensitive information like IAM credentials.

A high-severity authentication bypass vulnerability in PraisonAI versions prior to 4.6.61 allows unauthenticated attackers to invoke any registered agent by setting the `PRAISONAI_CALL_AUTH=disabled` environment variable, potentially leading to arbitrary code execution or system compromise.