Lucene search
K

174 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-5038

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0048EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6907

Malicious code in bioql PyPI...

9.8CVSS7.4AI score0.00273EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6894

Malicious code in bioql PyPI...

8.8CVSS7.6AI score0.00922EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:22 a.m.14 views

CVE-2024-48050

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...

9.8CVSS7.1AI score0.00788EPSS
Exploits1References1
Veracode
Veracode
added 2025/03/27 8:50 a.m.4 views

Remote Code Execution (RCE)

agentscope is vulnerable to Remote code execution RCE. The vulnerability is due to improper handling of serialized input, which is deserialized using dill.loads without validation, allowing execution of arbitrary commands...

9.8CVSS7.8AI score0.01631EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/03/27 5:23 a.m.13 views

Origin Validation Error

AgentScope is vulnerable to Origin Validation Error. The vulnerability is due to improper access control due to the server not properly restricting access to trusted origins, allowing any external domain to make API requests, leading to unauthorized data access and potential exploitation...

9.8CVSS7AI score0.00273EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2025/03/27 2:44 a.m.5 views

Directory Traversal

agentscope is vulnerable to Directory Traversal. The vulnerability is due to improper validation of user-supplied file paths in the /read-examples endpoint, allowing attackers to traverse directories and access arbitrary JSON files...

7.5CVSS7.1AI score0.01211EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/03/26 12:40 a.m.8 views

Path Traversal

agentscope is vulnerable to Path traversal. The vulnerability is due to improper input validation in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files outside the intended directory...

9.1CVSS7.1AI score0.00953EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/22 12:44 p.m.29 views

CVE-2024-8556

A stored cross-site scripting XSS vulnerability exists in modelscope/agentscope, as of the latest commit 21161fe on the main branch. The vulnerability occurs in the view for inspecting detailed run information, where a user-controllable string run ID is appended and rendered as HTML. This allows ...

6.1CVSS5.6AI score0.00389EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:30 a.m.9 views

CVE-2024-8438

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...

7.5CVSS6.8AI score0.00713EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:29 a.m.7 views

CVE-2024-8551

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

9.1CVSS6.5AI score0.0091EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:28 a.m.22 views

CVE-2024-8524

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...

7.5CVSS6.5AI score0.01211EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:26 a.m.11 views

CVE-2024-8487

A Cross-Origin Resource Sharing CORS vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can lead to unauthorized dat...

9.8CVSS6.5AI score0.00273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:24 a.m.7 views

CVE-2024-8489

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...

8.8CVSS7AI score0.00214EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/20 12:32 p.m.4 views

Directory Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal through the path parameter due to improper input sanitization. An attacker can read arbitrary files on the server by manipulating the input to...

8.7CVSS7.6AI score0.00713EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.10 views

tashan-scispark (>=1.0.1 <=1.0.8) potentially affected by CVE-2024-8537 via agentscope (=0.1.0)

agentscope PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on agentscope and may be impacted: - tashan-scispark =1.0.1, =1.0.8 Source cves: CVE-2024-8537 Source advisory: SNYK:PYTHON-AGENTSCOPE-9511367...

9.1CVSS7.2AI score0.00953EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.3 views

tashan-scispark (>=1.0.1 <=1.0.8) potentially affected by CVE-2024-8537 via agentscope (=0.1.0)

agentscope PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on agentscope and may be impacted: - tashan-scispark =1.0.1, =1.0.8 Source cves: CVE-2024-8537 Source advisory: OSV:GHSA-C4CC-W454-4634...

9.1CVSS7.2AI score0.00953EPSS
Exploits1
Snyk
Snyk
added 2025/03/20 12:32 p.m.3 views

Directory Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Directory Traversal via the downloadfile method. An attacker can access sensitive information, including configuration files and credentials, by exploiting this...

8.8CVSS7.7AI score0.00922EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.2 views

Deserialization of Untrusted Data

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the AgentServerServicer.createagent method. An attacker can execute arbitrary commands on the server by deserializing untrust...

9.8CVSS7.6AI score0.01631EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Relative Path Traversal

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Relative Path Traversal through the save-workflow functionality. An attacker can write arbitrary JSON files on the filesystem by exploiting this vulnerability. PoC...

9.1CVSS7.1AI score0.0091EPSS
Exploits1References2
Rows per page
Query Builder