9 matches found

EUVD
added 5 days ago | 6 views

EUVD-2025-210289

Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload, e.g., in a chat box, or by having a custom agent function return an X...

6.1 CVSS | 5.7 AI score | 0.00222 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2026/06/05 7:13 p.m. | 8 views

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

9.1 CVSS | 5.6 AI score | 0.00356 EPSS
Exploits: 0 | References: 1

NVD
added 2026/04/17 5:17 p.m. | 5 views

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

9.1 CVSS | 0.00356 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/04/17 4:43 p.m. | 28 views

CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

7.1 CVSS | 0.00356 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/17 4:43 p.m. | 2 views

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

7.1 CVSS | 5.9 AI score | 0.00356 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/04/17 12:0 a.m. | 3 views

PT-2026-33466

Name of the Vulnerable Software and Affected Versions: ByteDance DeerFlow versions prior to commit 2176b2b. Description: An issue exists in bootstrap-mode custom-agent creation where the validation of the agent name is bypassed. This allows attackers to use absolute paths or traversal-style values a...

9.1 CVSS | 5.9 AI score | 0.00356 EPSS
Exploits: 0 | References: 7

CNNVD
added 2024/11/11 12:0 a.m. | 2 views

IObit Driver Booster security vulnerability

IObit Driver Booster is a driver updater from IObit. A security vulnerability exists in IObit Driver Booster version v10.6, which stems from a buffer overflow issue that was found to be contained via the Host parameter under the Custom Agent module...

7.5 CVSS | 7.1 AI score | 0.00407 EPSS
Exploits: 0 | References: 1

Kitploit
added 2021/07/18 12:30 p.m. | 75 views

DNSStager - Hide Your Payload In DNS

DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting...

7.6 AI score
Exploits: 0 | References: 3

Huntr
added 2021/06/27 3:49 a.m. | 5 views

Command Injection in sofianehamlaoui/lockdoor-framework

✍️ Description CI in Spaghetti function when it asks for custom agent. 🕵️‍♂️ Proof of Concept // PoC https://drive.google.com/file/d/11ljFoTHfge9tA2p9uezV9s1PvM62VC/view?usp=sharing 💥 Impact command run as root. So an attacker could do potential damage to the machine...

1.5 AI score
Exploits: 0