7 matches found
PT-2026-45050
Name of the Vulnerable Software and Affected Versions PraisonAI affected versions not specified Description The first-party A2A server example in PraisonAI contains a critical chain that allows remote code execution. The example binds the server to 0.0.0.0 and exposes the /a2a endpoint without...
CVE-2026-25481 Langroid has WAF Bypass Leading to RCE in TableChatAgent
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...
Langroid 代码注入漏洞
Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.59.32 had a code injection vulnerability. This vulnerability stemmed from a bypass in the TableChatAgent’s invocation of the pandaseval tool, which could allow arbitrary code to ...
expr-eval: expr-eval: Prototype Pollution
A prototype pollution flaw was found in expr-eval. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution...
CISA: Cybersecurity Evaluation Tool (CSET) Seminar Presentation
System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...
CISA Develops Factsheet for Free Tools for Cloud Environments
CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network...
Department of Homeland Security Releases Cyber Security Evaluation Tool (CSET)
Department of Homeland Security Releases Cyber Security Evaluation Tool CSET The Cyber Security Evaluation Tool CSET is a Department of Homeland Security DHS product that assists organizations in protecting their key national cyber assets. It was developed under the direction of the DHS National...