
16070 matches found

Cvelist
added 2026/04/05 10:15 p.m. | 22 views

CVE-2026-5602 Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection

A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes OS command injection. The attack requires local access...

CVSS 5.3 | EPSS 0.00812
Exploits: 0 | References: 8

CVE
added 2026/04/05 10:15 p.m. | 6 views

CVE-2026-5602

Nor2-io heim-mcp up to 0.1.3 is affected in new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud, specifically the registerTools function in src/tools.ts, which enables OS command injection due to the underlying root cause described in the CVE. The vulnerability requires ...

CVSS 5.3 | AI score 5.7 | EPSS 0.00812
Exploits: 0 | References: 8

vulnersOsv
added 2026/04/05 10:10 p.m. | 2 views

composio-griptape (>=0.3.13 <=0.7.20), griptape-cli (=0.1.0) +5 more potentially affected by CVE-2026-5596 via griptape (>=1.10.2 <=1.8.13)

griptape PYPI version =1.10.2, =0.3.13, =0.26.4, =0.84.0, =0.8.0, =2.0.3, =2.2.9 Source cves: CVE-2026-5596 Source advisory: SNYK:PYTHON-GRIPTAPE-15915642...

CVSS 6.5 | AI score 6.5 | EPSS 0.00196
Exploits: 0

vulnersOsv
added 2026/04/05 10:10 p.m. | 1 view

griptape (>=0.1.0 <=0.5.1) potentially affected by CVE-2026-5596 via griptape-tools (>=0.7.0 <=0.7.1)

griptape-tools PYPI version =0.7.0, =0.1.0, =0.5.1 Source cves: CVE-2026-5596 Source advisory: SNYK:PYTHON-GRIPTAPETOOLS-15915643...

CVSS 6.5 | AI score 6.5 | EPSS 0.00196
Exploits: 0

Snyk
added 2026/04/05 10:10 p.m. | 0 views

SQL Injection

Overview: griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database by prompt-injecting the LLM to...

CVSS 8.5 | AI score 7.4 | EPSS 0.00196
Exploits: 0 | References: 2

Snyk
added 2026/04/05 10:08 p.m. | 3 views

Directory Traversal

Overview: griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to Directory Traversal via the filename handling in the code-writing path used by executecodeincontainer in griptape/tools/computer/tool.py. An attacker can write arbitrary files on the...

CVSS 6.5 | AI score 7.2 | EPSS 0.00422
Exploits: 0 | References: 2

CVE
added 2026/04/05 8:45 p.m. | 6 views

CVE-2018-25256

CVE-2018-25256 affects IP TOOLS 2.50, specifically the SNMP Scanner component. A local buffer overflow can be triggered by oversized input in the From Addr and To Addr fields, crashing the application when Start is clicked and causing a denial of service via an SEH overwrite. The description in t...

CVSS 6.8 | AI score 6.2 | EPSS 0.00202
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/05 8:45 p.m. | 23 views

CVE-2018-25256 IP TOOLS 2.50 Local Buffer Overflow Denial of Service

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start...

CVSS 6.8 | EPSS 0.00202
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/05 8:45 p.m. | 1 view

CVE-2018-25256

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start...

CVSS 6.8 | AI score 6.2 | EPSS 0.00202
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/05 8:45 p.m. | 1 view

CVE-2018-25256 IP TOOLS 2.50 Local Buffer Overflow Denial of Service

IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start...

CVSS 6.8 | AI score 6.2 | EPSS 0.00202
Exploits: 1 | References: 3

Positive Technologies
added 2026/04/05 12:00 a.m. | 3 views

PT-2026-30512

Name of the Vulnerable Software and Affected Versions: Nor2-io heim-mcp versions up to 0.1.3. Description: A flaw exists in the registerTools function within the src/tools.ts file of the new heim application/deploy heim application/deploy heim application to cloud component. This can lead to operati...

CVSS 5.3 | AI score 5.9 | EPSS 0.00812
Exploits: 0 | References: 12

Wired Threat Level
added 2026/04/04 10:30 a.m. | 8 views

Hackers Are Posting the Claude Code Leak With Bonus Malware

Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more...

AI score 6
Exploits: 0

OSV
added 2026/04/04 10:01 a.m. | 56 views

RHSA-2023:6179 Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update

Bulletin has no description...

CVSS 9.8 | AI score 8.4 | EPSS 0.99999
Exploits: 61 | References: 49

NVD
added 2026/04/03 11:17 p.m. | 2 views

CVE-2026-34952

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and the...

CVSS 9.1 | EPSS 0.00444
Exploits: 1 | References: 1

NVD
added 2026/04/03 11:17 p.m. | 4 views

CVE-2026-34954

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with follow_redirects=True. An attacker who controls the URL can reach any...

CVSS 8.6 | EPSS 0.00405
Exploits: 1 | References: 1

NVD
added 2026/04/03 11:17 p.m. | 4 views

CVE-2026-34052

LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send...

CVSS 5.9 | EPSS 0.00329
Exploits: 0 | References: 2

Cvelist
added 2026/04/03 10:54 p.m. | 15 views

CVE-2026-34954 PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with follow_redirects=True. An attacker who controls the URL can reach any...

CVSS 8.6 | EPSS 0.00405
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/03 10:54 p.m. | 1 view

CVE-2026-34954 PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with follow_redirects=True. An attacker who controls the URL can reach any...

CVSS 8.6 | AI score 5.8 | EPSS 0.00405
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/03 10:53 p.m. | 2 views

CVE-2026-34952 PraisonAI: Missing Authentication in WebSocket Gateway

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and the...

CVSS 9.1 | AI score 5.9 | EPSS 0.00444
Exploits: 1 | References: 1

Cvelist
added 2026/04/03 10:52 p.m. | 16 views

CVE-2026-34939 PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python...

CVSS 6.5 | EPSS 0.00402
Exploits: 1 | References: 1