10 matches found
PT-2026-57194
Name of the Vulnerable Software and Affected Versions praisonaiagents versions prior to 1.6.78 Description An unsafe dynamic module loading issue exists in the AgentFlow. resolve pydantic class function. When a workflow step utilizes a string output pydantic reference, the framework imports a...
MAL-2026-6111 Malicious code in @rafaelsene01/agent-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3855afe87d31e428546f226e1da9236cd0e4dc45a477afb9f6ba1c707a4b05ec The package's main and bin entry, dist/agent-flow.js, is shipped as a heavily obfuscated bundle produced by javascript-obfuscator declared as a...
Malicious code in @rafaelsene01/agent-flow (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3855afe87d31e428546f226e1da9236cd0e4dc45a477afb9f6ba1c707a4b05ec The package's main and bin entry, dist/agent-flow.js, is shipped as a heavily obfuscated bundle produced by javascript-obfuscator declared as a...
Synthesizing Multi-Agent Harnesses for Vulnerability Discovery
LLM agents have begun to find real security vulnerabilities that human auditors and automated fuzzers missed for decades, in source-available targets where the analyst can build and instrument the code. In practice the work is split among several agents, wired together by a harness: the program...
EUVD-2026-10930
Flowise affected by Server-Side Request Forgery SSRF in HTTP Node Leading to Internal Network Access...
CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...
PT-2026-26383
Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...
SUSE CVE-2024-8996
Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2...
CVE-2024-8996 Grafana Agent Flow on Windows Unquoted service path
Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2...
Grafana Agent flow mode unquoted service path
On a windows machine, the Grafana Agent Flow mode service prior to version 0.43.1 is vulnerable to a privilege escalation from local user to SYSTEM due to an unquoted service path. It is recommended that you remove the Grafana Agent Flow installation and do a clean install. An update will not...