SQL Injection

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database b...

EUVD-2026-19113

A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to...

CVE-2026-5587 wbbeyourself MAC-SQL Refiner Agent agents.py _execute_sql sql injection

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function executesql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-5587 wbbeyourself MAC-SQL Refiner Agent agents.py _execute_sql sql injection

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function executesql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-5587

The CVE-2026-5587 entry concerns wbbeyourself MAC-SQL Refiner Agent. Affected component: Refiner Agent’s core/agents.py, function _execute_sql. Root cause is an SQL injection in _execute_sql that enables remote exploitation. Public exploit is indicated as available. The product uses a rolling rel...

CVE-2026-5587

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function executesql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploi...

CVE-2026-5584

A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to...

CVE-2026-5584 Fosowl agenticSeek query Endpoint PyInterpreter.py PyInterpreter.execute code injection

A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to...

CVE-2026-5584

A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to...

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

CVE-2026-5532

The CVE-2026-5532 entry concerns ScrapeGraphAI scrapegraph-ai (up to version 1.74.0). The vulnerable element is the function create_sandbox_and_execute in scrapegraphai/nodes/generate_code_node.py of the GenerateCodeNode Component, where manipulation leads to an OS command injection. The attack c...

PT-2026-30403

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create sandbox and execute of the file scrapegraphai/nodes/generate code node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack m...

PT-2026-30454

A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function execute sql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The explo...

ScrapeGraphAI 操作系统命令注入漏洞

ScrapeGraphAI is an open-source intelligent web scraping library based on large language models. Versions of ScrapeGraphAI 1.74.0 and earlier contain a vulnerability related to operating system command injection, which stems from the createsandboxandexecute function’s ability to execute OS comman...

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

Electron 数据伪造问题漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.1,...

CVE-2026-34778

Electron: Service worker spoof IPC replies flaw allows a session service worker to spoof internal IPC replies used by webContents.executeJavaScript, causing the main-process promise to resolve with attacker-controlled data. Affected only if service workers are registered and the result of execute...

CVE-2026-34778 Electron: Service worker can spoof executeJavaScript IPC replies

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...

CVE-2026-34778 Electron: Service worker can spoof executeJavaScript IPC replies

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...

CVE-2026-34938 PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, executecode in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith method to the safegetattr wrapper, achieving arbitrary ...