9 matches found
CVE-2026-7784
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
EUVD-2026-27157
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
CVE-2026-7784
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
NagaAgent 路径遍历漏洞
NagaAgent is a 2D AI assistant developed by RTGS2017. It supports streaming tool calls, knowledge graph memory, and voice interactions. Versions of NagaAgent 5.1.0 and earlier have a path traversal vulnerability. This vulnerability stems from the handling of the parameter Name by the Skills...
CVE-2026-7784 RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
CVE-2026-7784 RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
CVE-2026-7784
RTGS2017 NagaAgent (up to 5.1.0) has a path traversal vulnerability in the Skills Endpoint component, specifically affecting the apiserver/routes/extensions.py file. The issue arises from improper handling of the Name argument, enabling remote exploitation. Public exploit activity is noted, and w...
PT-2026-36933
Name of the Vulnerable Software and Affected Versions RTGS2017 NagaAgent versions prior to 5.1.1 Description Improper processing of the file 'apiserver/routes/extensions.py' within the Skills Endpoint component allows for a remote path traversal attack. This occurs through the manipulation of the...
Paperclip: Unauthenticated Access to Multiple API Endpoints in Authenticated Mode
Summary Several API endpoints in authenticated mode have no authentication at all. They respond to completely unauthenticated requests with sensitive data or allow state-changing operations. No account, no session, no API key needed. Verified against the latest version. Discord: sagi03581 Steps t...