Network-AI 访问控制错误漏洞

Network-AI is a multi-agent orchestration and governance tool developed by Jovan Marinovic. Versions prior to Network-AI 5.1.3 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication, session, source, or token checks for JSON-RPC tool calls transmitte...

Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer

Summary The Fugue framework implements an RPC server system for distributed computing operations. In the core functionality of the RPC server implementation, I found that the decode function in fugue/rpc/flask.py directly uses cloudpickle.loads to deserialize data without any sanitization. This...