CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

GHSA-7XR2-Q9VF-X4R5 OpenClaw: Symlink Traversal via IDENTITY.md appendFile in agents.create/update (Incomplete Fix for CVE-2026-32013)

Summary The patch for CVE-2026-32013 introduced symlink resolution and workspace boundary enforcement for agents.files.get and agents.files.set. However, two other handlers in the same file agents.create and agents.update still use raw fs.appendFile on the IDENTITY.md file without any symlink...

CVE-2025-69517

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...

EUVD-2017-7352

Malware in sbrugna...

Incorrect Access Control check results in authorization bypass

Description When setting the access control for users, an incorrect access check allows for the bypass of authorization, due to the incorrect use of .some Proof of Concept 1. This is for a scenario, where I admin have created a custom agent and want everyone on the platform to use it, without bei...

CVE-2022-2059

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system...

Cross site scripting

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system...

PT-2022-14796 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 7.0NG.761 and below Description: The issue concerns a Stored Cross Site-Scripting vulnerability in the agent creation section, specifically affecting the alias parameter. This can be exploited by an attacker with...

CVE-2022-2059

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system...

CVE-2017-15936

In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed...

Multiple Cross-Site Request Forgery Vulnerabilities in Jenkins

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Jenkin...

Online Automated Tasks: Huginn

Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take actions on your behalf. Huginn’s Agents create and consume events, propagating them along a directed graph. Think of it as a hackable Yahoo! Pipes plus IFTTT on yo...