Lucene search
K

24 matches found

The Hacker News
The Hacker News
added 2026/07/07 4:37 p.m.25 views

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send...

6.7AI score
Exploits0
Wiz blog
Wiz blog
added 2026/06/17 2:33 p.m.16 views

The Red Agent POV: How it Reasoned its Way to SSRF

Part 1: How the Red Agent uncovered a multi-step attack chain allowing SSRF-to-Local-File-Read on a GCP Cloud Run API...

5.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.11 views

CVE-2026-4810

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS6.2AI score0.01816EPSS
Exploits0References1
Wiz blog
Wiz blog
added 2026/05/19 1:17 p.m.28 views

Introducing Runtime Threat Detection for Google Cloud Run

Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/16 9:49 a.m.5 views

MAL-2026-2747 Malicious code in cloud-run-microservice-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4c636a68869426b4befc9af7d044d9643686691165d52263cee9b1075b437f4 The package cloud-run-microservice-template was found to contain malicious code...

5.7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/16 9:49 a.m.8 views

Malicious code in cloud-run-microservice-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4c636a68869426b4befc9af7d044d9643686691165d52263cee9b1075b437f4 The package cloud-run-microservice-template was found to contain malicious code...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/04/13 9:31 a.m.6 views

EUVD-2026-21900

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS6.3AI score0.01816EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 8:35 a.m.29 views

CVE-2026-4810 Remote Code Execution in Google Agent Development Kit (ADK)

A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...

10CVSS0.01816EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 7:22 p.m.3 views

GHSA-FVXX-GGMX-3CJG PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

Summary deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for...

8.4CVSS6AI score0.00231EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/10 7:22 p.m.5 views

EUVD-2026-21156

PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars...

8.4CVSS5.8AI score0.00231EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/10 7:22 p.m.9 views

PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

Summary deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud uses a comma as the key-value pair separator for...

8.4CVSS6AI score0.00231EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/09 10:16 p.m.3 views

CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

8.4CVSS0.00231EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/09 9:17 p.m.2 views

CVE-2026-40113 PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

8.4CVSS5.9AI score0.00231EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:17 p.m.5 views

CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

8.4CVSS6AI score0.00231EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/09 9:17 p.m.18 views

CVE-2026-40113 PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

8.4CVSS0.00231EPSS
Exploits1References1
OSV
OSV
added 2026/04/09 9:17 p.m.3 views

CVE-2026-40113 PraisonAI has an Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

8.4CVSS6.1AI score0.00231EPSS
Exploits1References3
CVE
CVE
added 2026/04/09 9:17 p.m.13 views

CVE-2026-40113

PraxionAI’s CVE-2026-40113 affects PraisonAI before version 4.5.128. The flaw arises in deploy.py, which builds a single comma-delimited string for gcloud run deploy --set-env-vars by directly interpolating openai_model, openai_key, and openai_base without validating for commas. Since gcloud uses...

8.4CVSS6AI score0.00231EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31782

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai model, openai key, and openai base without validating that these values do not contain commas. gcloud...

8.4CVSS6AI score0.00231EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

PraisonAI 参数注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a parameter injection vulnerability. This vulnerability stemmed from the deploy.py script, which did not validate the values containing commas when constructin...

8.4CVSS5.9AI score0.00231EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/04/02 1:48 p.m.23 views

Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform GCP Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity t...

7.5AI score
Exploits0
Rows per page
Query Builder