25 matches found
EUVD-2025-14753
Malicious code in bioql PyPI...
EUVD-2024-17604
Malicious code in bioql PyPI...
CVE-2025-31491
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...
CVE-2025-31490
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardenin...
CVE-2025-31491
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...
CVE-2025-31494
AutoGPT CVE-2025-31494 affects the WebSocket API where node execution updates are published per graph_id+graph_version. A missing permission check allowed subscribers within the same instance to receive another user�s graph execution updates, exposing potentially sensitive data. The issue does no...
CVE-2025-31491 AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...
CVE-2025-31491 AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...
CVE-2025-31491
CVE-2025-31491 affects AutoGPT prior to version 0.6.1. A custom requests wrapper does not follow redirects safely: the initial request is not redirected, but the wrapper re-issues the request to the new location. Crucially, this re-request path does not account for security-sensitive headers and ...
CVE-2025-31490 AutoGPT allows SSRF due to DNS Rebinding in requests wrapper
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardenin...
AutoGPT 信息泄露漏洞
AutoGPT is a tool from AutoGPT Open Source. Used to enable everyone to use and build accessible AI. An information disclosure vulnerability exists in versions of AutoGPT prior to 0.6.1 that stems from the presence of cross-domain cookies and protected header disclosure in request redirects...
CVE-2025-1040
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...
CVE-2025-1040 Server-Side Template Injection (SSTI) in significant-gravitas/autogpt
AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection SSTI that could lead to Remote Code Execution RCE. The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to t...
CVE-2025-1040
CVE-2025-1040 : AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that can lead to Remote Code Execution (RCE). The root cause is improper handling of user-supplied format strings in the AgentOutputBlock, where input is passed to the Jinja2 templating en...
CVE-2025-22603 AutoGPT SSRF vulnerability
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery SSRF vulnerability inside component or block Send Web Request. The...
CVE-2025-22603 AutoGPT SSRF vulnerability
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contains a server-side request forgery SSRF vulnerability inside component or block Send Web Request. The...
CVE-2025-22603
CVE-2025-22603 affects AutoGPT platform prior to autogpt-platform-beta-v0.4.2. The vulnerability is in the Send Web Request component where IPv6 addresses are not restricted or filtered, enabling a server-side request forgery (SSRF) to visit an IPv6 service. The issue is addressed in autogpt-plat...
AutoGPT 代码问题漏洞
AutoGPT is a tool from AutoGPT Open Source. Used to enable everyone to use and build accessible AI. A code issue vulnerability exists in versions prior to AutoGPT autogpt-platform-beta-v0.4.2, which stems from a Send Web Request component that could lead to server-side request forgery...
CVE-2024-1879
A Cross-Site Request Forgery CSRF vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a us...
CVE-2024-1881
AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...