Lucene search
+L

82 matches found

NVD
NVD
added 2026/07/08 8:16 p.m.7 views

CVE-2026-59807

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS0.00289EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 7:43 p.m.35 views

CVE-2026-59807 Composio SDK < 0.2.32-beta.283 - Sensitive File Upload via tool-file-uploads.ts

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS0.00289EPSS
Exploits0References5
CVE
CVE
added 2026/07/08 7:43 p.m.9 views

CVE-2026-59807

CVE-2026-59807 affects Composio SDK prior to 0.2.32-beta.283. A path validation bypass in readFileFromDisk (tool-file-uploads.ts) can enable an attacker to read and exfiltrate sensitive files by manipulating file_uploadable parameters via prompt injection, referencing sensitive paths such as SSH ...

8.9CVSS6AI score0.00289EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/08 7:43 p.m.5 views

EUVD-2026-42377

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS6AI score0.00289EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 7:43 p.m.3 views

CVE-2026-59807 Composio SDK < 0.2.32-beta.283 - Sensitive File Upload via tool-file-uploads.ts

Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...

8.9CVSS6.1AI score0.00289EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 2:34 p.m.5 views

PYSEC-2026-1268 Composio Command Execution vulnerability

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS6AI score0.00584EPSS
Exploits1References10
vulnersOsv
vulnersOsv
added 2025/12/04 3:45 p.m.5 views

agentic-fleet (>=0.1.6 <=0.4.81), composio (=0.1.1) +37 more potentially affected by CVE-2025-56427 via composio-core (>=0.3.13 <=0.7.21)

composio-core PYPI version =0.3.13, =0.1.6, =0.7.1, =0.3.13, =0.3.17, =0.3.13, =0.3.13, =0.7.1, =0.5.26, =0.3.13, =0.3.13, =0.3.13, =0.3.24, =0.7.15, =0.3.13, =0.7.20 and more Source cves: CVE-2025-56427 Source advisory: SNYK:PYTHON-COMPOSIOCORE-14191990...

7.5CVSS5.7AI score0.00822EPSS
Exploits1
Snyk
Snyk
added 2025/12/04 3:45 p.m.5 views

Directory Traversal

Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Directory Traversal via the downloadfileordir function. An attacker can access sensitive files outside the intended directory by supplying...

7.5CVSS7.4AI score0.00822EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.6 views

Composio SDK 安全漏洞

Composio SDK is a developer toolkit from Composio Open Source. A security vulnerability exists in Composio SDK version 0.7.20, which stems from the presence of path traversal in the downloadfileordir function, which could lead to the disclosure of sensitive information...

7.5CVSS6.2AI score0.00822EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2838

Malicious code in bioql PyPI...

8.8CVSS5.5AI score0.00823EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-6877

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00671EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-0213

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00584EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6881

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.00817EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-2729

Malicious code in bioql PyPI...

5.1CVSS4.7AI score0.00863EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6884

Malicious code in bioql PyPI...

9.8CVSS7AI score0.01103EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 9:2 a.m.4 views

CVE-2024-8865

A vulnerability was found in composiohq composio up to 0.5.8 and classified as problematic. Affected by this issue is the function path of the file composio\server\api.py. The manipulation of the argument file leads to path traversal. The exploit has been disclosed to the public and may be used...

5.1CVSS6AI score0.00863EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:24 a.m.9 views

CVE-2024-8864

A vulnerability has been found in composiohq composio up to 0.5.6 and classified as critical. Affected by this vulnerability is the function Calculator of the file python/composio/tools/local/mathematical/actions/calculator.py. The manipulation leads to code injection. The exploit has been...

8.8CVSS6.7AI score0.00823EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:15 a.m.9 views

CVE-2024-53526

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS7AI score0.00584EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:48 p.m.8 views

CVE-2024-8955

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOLGOTOPAGE and BROWSERTOOLGETPAGEDETAILS actions...

7.5CVSS6.7AI score0.00679EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:44 p.m.15 views

CVE-2024-8952

A Server-Side Request Forgery SSRF vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOLSCRAPEWEBSITECONTENT endpoint. This vulnerability allows an attacker to read files, access AWS metadata, and interact with local services on the system...

7.5CVSS6.6AI score0.00671EPSS
Exploits1References1
Rows per page
Query Builder