Lucene search
K

246 matches found

vulnersOsv
vulnersOsv
added 2026/04/07 8:13 p.m.7 views

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +504 more potentially affected by CVE-2026-35568 via io.modelcontextprotocol.sdk:mcp-core (>=0.13.0 <=1.0.0-RC3)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =0.13.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.1, =0.1.0, =0.3.0, =2.0.0-beta.7, =1.1.0.0, =1.1.0.0, =2.0.0-M1.1 and more Source cves: CVE-2026-35568 Source advisory: OSV:GHSA-8JXR-PR72-R468...

7.6CVSS5.7AI score0.00136EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.8 views

LanG -- a Governance-Aware Agentic AI Platform for Unified Security Operations

Modern Security Operations Centers struggle with alert fatigue, fragmented tooling, and limited cross-source event correlation. Challenges that current Security Information Event Management and Extended Detection and Response systems only partially address through fragmented tools. This paper...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

Foundations for Agentic AI Investigations from the Forensic Analysis of OpenClaw

Agentic Al systems are increasingly deployed as personal assistants and are likely to become a common object of digital investigations. However, little is known about how their internal state and actions can be reconstructed during forensic analysis. Despite growing popularity, systematic forensi...

6.1AI score
Exploits0
OSV
OSV
added 2026/04/03 3:3 a.m.4 views

GHSA-V3QC-WRWX-J3PW OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`

Summary Agentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via config.patch Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Maintainers accepted this issue, fixed it in 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27, and that fix shippe...

8.2CVSS5.9AI score0.00473EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/03 3:3 a.m.9 views

OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via `config.patch`

Summary Agentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via config.patch Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: Maintainers accepted this issue, fixed it in 76411b2afc4ae721e36c12e0ea24fd23e2fed61e on 2026-03-27, and that fix shippe...

5.8AI score
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/02 4:29 p.m.6 views

agentic-blocks (>=0.1.36 <=0.1.37) potentially affected by CVE-2026-35002 via agno (=2.0.9)

agno PYPI version =2.0.9 is affected by a known vulnerability. The following packages have a transitive dependency on agno and may be impacted: - agentic-blocks =0.1.36, =0.1.37 Source cves: CVE-2026-35002 Source advisory: SNYK:PYTHON-AGNO-15874153...

9.8CVSS5.8AI score0.00852EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/02 3:31 p.m.6 views

agentic-blocks (>=0.1.36 <=0.1.37), aiqtoolkit-agno (>=1.1.0 <=1.3.1) +9 more potentially affected by CVE-2026-35002 via agno (>=1.2.16 <=2.0.9)

agno PYPI version =1.2.16, =0.1.36, =1.1.0, =0.8.0, =0.1.0, =1.3.4, =0.1.0.post1, =1.1.0a20251020, =1.7.0a20260513 - synvya-sdk =0.2.12 Source cves: CVE-2026-35002 Source advisory: OSV:GHSA-77RH-M34W-RV36...

9.8CVSS5.7AI score0.00852EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/01 5:0 a.m.5 views

CVE-2026-29870

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...

7.6CVSS6.3AI score0.00578EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 3:31 p.m.7 views

EUVD-2026-17419

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...

7.6CVSS6.3AI score0.00578EPSS
Exploits0References2
NVD
NVD
added 2026/03/31 3:16 p.m.12 views

CVE-2026-29870

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...

7.6CVSS0.00578EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/03/31 11:50 a.m.4 views

The AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom Priority

The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is the defining...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Agentic Context Engine 安全漏洞

Agentic Context Engine is an AI proxy learning and optimization framework developed by Kayba. Versions of Agentic Context Engine 0.7.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by a directory traversal vulnerability in the checkpointdir parameter, which cou...

7.6CVSS6AI score0.00578EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/31 12:0 a.m.9 views

CVE-2026-29870

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...

6.3AI score0.00578EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.7 views

PT-2026-29270

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint dir parameter in OfflineACE.run. The save to file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences...

7.6CVSS6.3AI score0.00578EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 12:0 a.m.3 views

CVE-2026-29870

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpointdir parameter in OfflineACE.run. The savetofile method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to...

7.6CVSS6.3AI score0.00578EPSS
Exploits0References2
CVE
CVE
added 2026/03/31 12:0 a.m.6 views

CVE-2026-29870

The CVE-2026-29870 entry describes a directory traversal in the agentic-context-engine (versions up to 0.7.1) that enables arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The root cause is that save_to_file in ace/skillbook.py does not normalize or validate filesystem pa...

7.6CVSS6.3AI score0.00578EPSS
Exploits0References1
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/03/31 12:0 a.m.4 views

TrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical Threats

TrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions at RSAC 2026...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/30 5:26 p.m.6 views

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +504 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (>=0.13.0 <=0.18.2)

io.modelcontextprotocol.sdk:mcp-core MAVEN version =0.13.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.1, =0.1.0, =0.3.0, =2.0.0-beta.7, =1.1.0.0, =1.1.0.0, =2.0.0-M1.1 and more Source cves: CVE-2026-34237 Source advisory: OSV:GHSA-HV2W-8MJJ-JW22...

6.1CVSS7.2AI score0.00222EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/30 4:0 p.m.5 views

Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio

Agentic AI is moving fast from pilots to production. That shift changes the security conversation. These systems do not just generate content. They can retrieve sensitive data, invoke tools, and take action using real identities and permissions. When something goes wrong, the failure is not limit...

6.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/30 4:0 p.m.9 views

Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio

Agentic AI is moving fast from pilots to production. That shift changes the security conversation. These systems do not just generate content. They can retrieve sensitive data, invoke tools, and take action using real identities and permissions. When something goes wrong, the failure is not limit...

6.5AI score
Exploits0
Rows per page
Query Builder