CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2026/04/15 6:31 p.m.•3 views

ai-safety-engine (=0.1.0) potentially affected by CVE-2026-30625 via upsonic (=0.60.0a1754435135)

upsonic PYPI version =0.60.0a1754435135 is affected by a known vulnerability. The following packages have a transitive dependency on upsonic and may be impacted: - ai-safety-engine =0.1.0 Source cves: CVE-2026-30625 Source advisory: OSV:GHSA-CW73-5F7H-M4GV...

9.8CVSS6AI score0.00343EPSS

EUVD•added 2026/04/15 6:31 p.m.•2 views

EUVD-2026-22945

6.6AI score0.00343EPSS

Exploits0References3

Github Security Blog•added 2026/04/15 6:31 p.m.•3 views

Upsonic: remote code execution vulnerability in its MCP server/task creation functionality

9.8CVSS6.6AI score0.00343EPSS

Exploits0References4Affected Software1

Snyk•added 2026/04/15 4:11 p.m.•3 views

Arbitrary Code Injection

Overview upsonic is a Task oriented AI agent framework for digital workers and vertical AI agents Affected versions of this package are vulnerable to Arbitrary Code Injection via the MCP server task creation functionality. An attacker can execute arbitrary operating system commands with the...

9.8CVSS6AI score0.00343EPSS

vulnersOsv•added 2026/04/15 4:11 p.m.•4 views

ai-safety-engine (=0.1.0) potentially affected by CVE-2026-30625 via upsonic (=0.60.0a1754435135)

9.8CVSS6AI score0.00343EPSS

CNNVD•added 2026/04/15 12:0 a.m.•4 views

Upsonic 安全漏洞

Upsonic is an open-source AI proxy framework developed by Upsonic. Version 0.71.6 of Upsonic contains a security vulnerability. This vulnerability stems from defects in the MCP server or the task creation functionality, which may lead to remote code execution...

9.8CVSS6.3AI score0.00343EPSS

Vulnrichment•added 2026/04/15 12:0 a.m.•1 views

CVE-2026-30625

6.6AI score0.00343EPSS

RedhatCVE•added 2026/01/24 9:15 a.m.•3 views

CVE-2026-0773

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8CVSS6.6AI score0.01649EPSS

vulnersOsv•added 2026/01/23 5:8 a.m.•4 views

ai-safety-engine (=0.1.0) potentially affected by CVE-2026-0773 via upsonic (=0.60.0a1754435135)

9.8CVSS7.2AI score0.01649EPSS

Snyk•added 2026/01/23 5:8 a.m.•2 views

Deserialization of Untrusted Data

Overview upsonic is a Task oriented AI agent framework for digital workers and vertical AI agents Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the addtool endpoint, which listens on TCP port 7541 by default, and uses cloudpickle.loads. An attacker can...

9.8CVSS8.8AI score0.01649EPSS

NVD•added 2026/01/23 4:16 a.m.•3 views

CVE-2026-0773

9.8CVSS0.01649EPSS

Cvelist•added 2026/01/23 3:29 a.m.•25 views

CVE-2026-0773 Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

9.8CVSS0.01649EPSS

Vulnrichment•added 2026/01/23 3:29 a.m.•3 views

CVE-2026-0773 Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

9.8CVSS6.6AI score0.01649EPSS

CVE•added 2026/01/23 3:29 a.m.•10 views

CVE-2026-0773

Upsonic is affected by a Cloudpickle deserialization vulnerability in the add_tool endpoint (default TCP port 7541). The flaw arises from improper validation of user-supplied data, allowing cloudpickle.loads() to deserialize untrusted data, enabling remote code execution with the service account’...

9.8CVSS6.6AI score0.01649EPSS

ATTACKERKB•added 2026/01/23 3:29 a.m.•2 views

CVE-2026-0773

9.8CVSS6.5AI score0.01649EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/01/23 12:0 a.m.•1 views

Upsonic code issue vulnerabilities

Upsonic is an open-source AI proxy framework developed by Upsonic. Upsonic has code vulnerabilities, which stem from the lack of validation for data provided by users at the addtool endpoint. This vulnerability may lead to the deserialization of untrusted data and remote code execution...

9.8CVSS7.6AI score0.01649EPSS

Zero Day Initiative•added 2026/01/09 12:0 a.m.•10 views

(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addtool endpoint, which listens on TCP port 7541 by default. The issue results from the lack...

9.8CVSS7.7AI score0.01649EPSS