EUVD-2026-38465

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

CVE-2026-56693

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the createagent delivery-action handler that performs privileged central-database writes without host-side authorization checks. Confined agent containers can invoke createagent to create arbitrary agent groups, container...

CVE-2026-56693

NanoClaw prior to version 2.1.17 contains a privilege-escalation flaw in the create_agent delivery-action handler. It performs privileged central-database writes without host-side authorization checks, enabling confined agent containers to invoke create_agent to create arbitrary agent groups, con...

Arbitrary Code Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVE-2023-43803

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass t...

CVE-2023-49296

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

CVE-2023-43800

Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those ...

EUVD-2023-2771

Malicious code in bioql PyPI...

EUVD-2023-53283

Malicious code in bioql PyPI...

EUVD-2023-2683

Malicious code in bioql PyPI...

EUVD-2023-2649

Malicious code in bioql PyPI...

CVE-2023-43802

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles request with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can...

Deserialization of Untrusted Data

Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the AgentServerServicer.createagent method. An attacker can execute arbitrary commands on the server by deserializing untrust...

Cross-Site Scripting (XSS)

github.com/arduino/arduino-create-agent is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of user input and custom error messages sanitization in the /certificate.crt endpoint. This allows attackers to execute Reflected Cross-Site Scripting XSS attacks through specially...

CVE-2023-49296

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

Cross site scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

CVE-2023-49296 Arduino Create Agent vulnerable to Reflected Cross-Site Scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

CVE-2023-49296 Arduino Create Agent vulnerable to Reflected Cross-Site Scripting

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handle...

CVE-2023-49296

The CVE-2023-49296 vulnerability affects the Arduino Create Agent prior to version 1.3.6, where the /certificate.crt endpoint and error-message handling allow Reflected Cross-Site Scripting. An attacker can lure a user to click a malicious link, enabling arbitrary client-side code execution in th...

Arduino Cross-Site Scripting Vulnerability

Arduino is a microcontroller board from the Arduino project. A cross-site scripting vulnerability exists in Arduino Create Agent versions prior to 1.3.6, which stems from vulnerability to reflective cross-site scripting attacks that allow an attacker to execute arbitrary code on the browser clien...