Lucene search
K

685 matches found

Snyk
Snyk
added 2026/04/17 6:31 a.m.7 views

Allocation of Resources Without Limits or Throttling

Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HandlerFunc and ReKey related operations in http/handler.go and vault/core.go. An attacker can start...

8.7CVSS5.7AI score0.00718EPSS
Exploits0References2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/04/17 3:4 a.m.8 views

Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Summary Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS6.9AI score0.00718EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/15 9:17 p.m.6 views

CVE-2026-40176

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...

7.8CVSS0.01065EPSS
Exploits4References6
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.5 views

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

9.8CVSS5.5AI score0.00409EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/12 3:30 a.m.9 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the generatethoughts function in the Tree-of-Thought Solver component. An attacker can execute...

9.8CVSS7.8AI score0.00409EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/12 3:30 a.m.12 views

MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

9.8CVSS6.7AI score0.00409EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2026/04/12 2:0 a.m.26 views

CVE-2026-6110

CVE-2026-6110 affects FoundationAgents MetaGPT (Tree-of-Thought Solver) up to version 0.8.1/0.8.2, with the vulnerability located in generate_thoughts (metagpt/strategy/tot.py). The described manipulation enables code injection and remote initiation of an attack. Public exploit content exists and...

9.8CVSS6.8AI score0.00409EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/12 2:0 a.m.2 views

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS6.8AI score0.00409EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2026/04/12 2:0 a.m.4 views

EUVD-2026-21696

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS6.7AI score0.00409EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.9 views

MetaGPT 代码注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the generatethoughts function in the Tree-of-Thought Solver component’s metagpt/strategy/tot.py file, which could lead to...

9.8CVSS7.2AI score0.00409EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.11 views

PT-2026-32143

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A code injection issue exists in FoundationAgents MetaGPT up to version 0.8.1. The issue is located in the generate thoughts function within the metagpt/strategy/tot.py file of the...

9.8CVSS7.1AI score0.00409EPSS
Exploits1References11
Vulnrichment
Vulnrichment
added 2026/04/09 2:0 a.m.3 views

CVE-2026-5832 atototo api-lab-mcp HTTP http-server.ts test_http_endpoint server-side request forgery

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyzeapispec/generatetestscenarios/testhttpendpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. T...

7.5CVSS5.4AI score0.00288EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.3 views

CVE-2026-5532

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS6.2AI score0.01449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.5 views

CVE-2026-22662

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS6AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/04/05 2:16 a.m.6 views

CVE-2026-5532

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS0.01449EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/05 1:15 a.m.5 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS6.2AI score0.01449EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/05 1:15 a.m.32 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS0.01449EPSS
Exploits0References4
CVE
CVE
added 2026/04/05 1:15 a.m.11 views

CVE-2026-5532

The CVE-2026-5532 entry concerns ScrapeGraphAI scrapegraph-ai (up to version 1.74.0). The vulnerable element is the function create_sandbox_and_execute in scrapegraphai/nodes/generate_code_node.py of the GenerateCodeNode Component, where manipulation leads to an OS command injection. The attack c...

7.5CVSS6.2AI score0.01449EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.4 views

PT-2026-30403

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create sandbox and execute of the file scrapegraphai/nodes/generate code node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack m...

7.5CVSS5.6AI score0.01449EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/03 10:21 p.m.5 views

Server-side Request Forgery (SSRF)

Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Wiro media-generate plugin. An attacker can access internal network resources and exfiltra...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References2
Rows per page
Query Builder