
23 matches found

Exploit DB
added 2026/04/30 12:0 a.m., 45 views

Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection

Exploit Title: Cybersecurity AI CAI Framework 0.5.10 - Command Injection CVE: CVE-2026-25130 Date: 2026-02-03 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Author GitHub: https://github.com/yourusername Vendor Homepage:...

9.6 CVSS, 5.2 AI score, 0.00053 EPSS
Exploits: 3
EUVD
added 2026/03/12 3:30 p.m., 2 views

EUVD-2026-11569

CAI findfile Agent Tool has Command Injection Vulnerability Through Argument Injection...

9.6 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits: 3, References: 5
GithubExploit
added 2026/02/03 10:56 p.m., 155 views

Exploit for CVE-2026-25130

CVE-2026-25130 – Cybersecurity AI CAI Framework Argument Inj...

9.6 CVSS, 6.3 AI score, 0.00053 EPSS
Exploits: 3
NVD
added 2026/01/30 9:15 p.m., 2 views

CVE-2026-25130

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6 CVSS, 0.00053 EPSS
Exploits: 3, References: 3
Snyk
added 2026/01/30 8:38 p.m., 2 views

Arbitrary Command Injection

Overview cai-framework is a Cybersecurity AI Framework Affected versions of this package are vulnerable to Arbitrary Command Injection via the findfile function, which calls subprocess.Popen with shell=True. An attacker can execute arbitrary commands on the host system by injecting malicious...

9.6 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits: 3, References: 2
OSV
added 2026/01/30 8:38 p.m., 1 views

GHSA-JFPC-WJ3M-QW2M CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

9.6 CVSS, 6.2 AI score, 0.00053 EPSS
Exploits: 3, References: 5
Github Security Blog
added 2026/01/30 8:38 p.m., 8 views

CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

9.6 CVSS, 6.2 AI score, 0.00053 EPSS
Exploits: 3, References: 5, Affected Software: 1
Vulnrichment
added 2026/01/30 8:15 p.m., 3 views

CVE-2026-25130 Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6 CVSS, 6 AI score, 0.00053 EPSS
Exploits: 3, References: 3
EUVD
added 2026/01/30 8:15 p.m., 2 views

EUVD-2026-5008

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6 CVSS, 6.2 AI score, 0.00053 EPSS
Exploits: 3, References: 3
Cvelist
added 2026/01/30 8:15 p.m., 24 views

CVE-2026-25130 Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6 CVSS, 0.00053 EPSS
Exploits: 3, References: 3
ATTACKERKB
added 2026/01/30 8:15 p.m., 2 views

CVE-2026-25130

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6 CVSS, 6.2 AI score, 0.00053 EPSS
Exploits: 3, References: 4, Affected Software: 1
OSV
added 2026/01/30 8:15 p.m., 2 views

CVE-2026-25130 Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6 CVSS, 6.2 AI score, 0.00053 EPSS
Exploits: 3, References: 5
CVE
added 2025/12/11 11:27 a.m., 13 views

CVE-2025-64989

CVE-2025-64989 describes a command-injection flaw in TeamViewer DEX (formerly 1E DEX), within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior to V21.1. The issue stems from improper input validation that allows authenticated attackers with Actioner privileges to inject and exe...

7.2 CVSS, 7.6 AI score, 0.00215 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/12/11 11:27 a.m., 25 views

CVE-2025-64989 Command Injection in 1E-Explorer-TachyonCore-FindFileBySizeAndHash Instruction

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...

7.2 CVSS, 0.00215 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/12/11 11:27 a.m., 1 views

CVE-2025-64989 Command Injection in 1E-Explorer-TachyonCore-FindFileBySizeAndHash Instruction

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...

7.2 CVSS, 7.6 AI score, 0.00215 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/12/11 12:0 a.m., 3 views

PT-2025-50596

A command injection vulnerability was discovered in TeamViewer DEX former 1E DEX, specifically within the 1E-Explorer-TachyonCore-FindFileBySizeAndHash instruction prior V21.1. Improper input validation, allowing authenticated attackers with Actioner privileges to inject arbitrary commands...

7.2 CVSS, 8 AI score, 0.00215 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/06 12:30 a.m., 4 views

EUVD-2025-32476

A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attac...

7.5 CVSS, 6.5 AI score, 0.00046 EPSS
Exploits: 1, References: 5
CNNVD
added 2025/10/06 12:0 a.m., 2 views

Tipray Data Leakage Prevention System security vulnerability

Tipray Data Leakage Prevention System is a data leakage prevention system of China Tipray Company. A security vulnerability exists in Tipray Data Leakage Prevention System version 1.0, which originates from the incorrect operation of the parameter sort in the file findFileServerPage.do, and may...

9.8 CVSS, 7.8 AI score, 0.00046 EPSS
Exploits: 1, References: 4
AlpineLinux
added 2025/06/13 7:15 a.m., 4 views

CVE-2025-22240

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...

6.3 CVSS, 7.2 AI score, 0.00095 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/06/13 12:0 a.m., 1 views

Salt security vulnerability

Salt is an automation, infrastructure management, data-driven orchestration and remote execution application from the Salt project. A security vulnerability exists in Salt that stems from the use of unvalidated input to create paths in the findfile method of the GitFS class, which could lead to...

6.3 CVSS, 6.7 AI score, 0.00095 EPSS
Exploits: 0, References: 3