Lucene search
K

6 matches found

OSV
OSV
added 2026/06/10 1:55 p.m.5 views

CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

7.3CVSS5.8AI score0.00187EPSS
Exploits0References6
NVD
NVD
added 2026/04/23 2:16 a.m.9 views

CVE-2026-41208

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS0.00591EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/23 12:47 a.m.2 views

CVE-2026-41208 Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/23 12:47 a.m.9 views

EUVD-2026-25162

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 12:47 a.m.45 views

CVE-2026-41208

The CVE affects Paperclip server (@paperclipai/server) prior to 2026.416.0. A privilege escalation exists where an attacker with an Agent API key can modify adapterConfig via /agents/:id, specifically workspaceStrategy.provisionCommand, which is later executed by the server runtime. This allows i...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34600

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References2
Rows per page
Query Builder