CVE-2026-40288

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

CVE-2026-45672

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLECODEEXECUTION=false. The feature gate is...

Red Hat Enterprise Linux AI 安全漏洞

Red Hat Enterprise Linux AI is a Linux distribution created by the American company Red Hat for generative AI. Red Hat Enterprise Linux AI RHEL AI 3 has a security vulnerability. This vulnerability stems from the linuxtrain.py script, which loads models from HuggingFace by hardcoding...

CVE-2026-33229

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

Permissive List of Allowed Inputs

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via the processing of the mkdocs.yml configuration file...

CVE-2026-26020

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.48, an authenticated user could achieve Remote Code Execution RCE on the backend server by embedding a disabled block inside a graph. The...

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

CVE-2024-2356

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

EUVD-2024-27309

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

PT-2026-5649

A Local File Inclusion LFI vulnerability exists in the '/reinstall extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstall extension" route. This vulnerability allows attackers to inject a malicious name parameter, leadin...

Backstage Code Injection Vulnerability

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 1.13.11 and 1.14.1 contained a code injection vulnerability. This vulnerability stemmed from the ability to configure malicious hooks in the...

CVE-2026-24780 AutoGPT is Vulnerable to RCE via Disabled Block Execution

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints both main web API and external API allow executing blocks by UUID...

EUVD-2017-0101

Malware in sbrugna...

EUVD-2021-13350

Malware in sbrugna...

EUVD-2008-6506

Malware in sbrugna...

EUVD-2024-54800

Malicious code in bioql PyPI...

EUVD-2025-21808

Malicious code in bioql PyPI...

EUVD-2024-54360

Malicious code in bioql PyPI...

EUVD-2023-0249

Malicious code in bioql PyPI...

Creation of Temporary File With Insecure Permissions

Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions in the getorcreatetmpdir function in fileutils.py. This enables an attacker who can write to /tmp to cause the execution of arbitrary .py files during environment setup. Remediation...