Lucene search
K

6 matches found

Snyk
Snyk
added 2026/04/18 12:46 a.m.7 views

Incomplete List of Disallowed Inputs

Overview flowise-ui is a Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the server by...

9.8CVSS6.3AI score0.00464EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/02 8:9 p.m.3 views

Arbitrary Command Injection

Overview ms-agent is a MS-Agent: Lightweight Framework for Empowering Agents with Autonomous Exploration Affected versions of this package are vulnerable to Arbitrary Command Injection via the ms-agent process. An attacker can execute arbitrary operating system commands by supplying specially...

6.9CVSS7.8AI score0.01611EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/03/02 8:9 p.m.3 views

CVE-2026-2256 Command injection vulnerability in ModelScope's ms-agent

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

6.2AI score0.01611EPSS
Exploits2References4
Snyk
Snyk
added 2026/02/18 12:56 a.m.6 views

Origin Validation Error

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Origin Validation Error via the sessionssend sourceTool. An attacker can cause privileged actions to be performed by injecting crafted inter-session prompts that are misinterpreted as...

7.1CVSS5.6AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/22 4:35 p.m.4 views

CVE-2025-57771 Roo-Code potential remote code execution via auto-execute command parsing flaw

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...

8.1CVSS8AI score0.00703EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/03/12 4:15 p.m.2 views

CVE-2025-20138

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...

8.8CVSS6.1AI score0.00208EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder