5 matches found

CNNVD
added 2026/04/06 12:0 a.m., 3 views

BentoML Security Vulnerability

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.38 contained a security vulnerability. This vulnerability stemmed from the Dockerfile...

9.6 CVSS, 6 AI score, 0.00023 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2026/04/03 9:41 p.m., 2 views

CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template unsandbox...

8.7 CVSS, 6.2 AI score, 0.00102 EPSS
Exploits: 1, References: 1
NVD
added 2025/12/15 5:15 p.m., 2 views

CVE-2025-66435

An SSTI (Server-Side Template Injection) vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (contractterms) using frappe.rendertemplate with a user-supplied context (doc). Although Frappe uses a custom...

4.3 CVSS, 0.00069 EPSS
Exploits: 1, References: 2
Snyk
added 2025/12/02 6:26 a.m., 2 views

Arbitrary Code Injection

Overview: agentc is the front-facing package for the Couchbase Agent Catalog project. Affected versions of this package are vulnerable to Arbitrary Code Injection due to unsafe rendering of Jinja templates without automatic escaping. The Jinja environment is initialized without autoescape=True,...

9.8 CVSS, 7.7 AI score
Exploits: 0, References: 3
CNNVD
added 2021/02/26 12:0 a.m., 3 views

Saltstack SaltStack Salt Code Injection Vulnerability

SaltStack Salt is a set of open-source tools for managing infrastructure from SaltStack (Saltstack). The tool provides configuration management, remote execution, and other features. A code injection vulnerability exists in SaltStack Salt versions prior to Salt 3002.5 that stems from a failure of t...

9.8 CVSS, 7.4 AI score, 0.10038 EPSS
Exploits: 0, References: 20