Lucene search
+L

700 matches found

OSV
OSV
added 2026/04/12 2:0 a.m.3 views

CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

6.9CVSS6.7AI score0.00409EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.9 views

MetaGPT 代码注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the generatethoughts function in the Tree-of-Thought Solver component’s metagpt/strategy/tot.py file, which could lead to...

9.8CVSS7.2AI score0.00409EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.14 views

PT-2026-32143

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A code injection issue exists in FoundationAgents MetaGPT up to version 0.8.1. The issue is located in the generate thoughts function within the metagpt/strategy/tot.py file of the...

9.8CVSS7.1AI score0.00409EPSS
Exploits1References16
Vulnrichment
Vulnrichment
added 2026/04/09 2:0 a.m.3 views

CVE-2026-5832 atototo api-lab-mcp HTTP http-server.ts test_http_endpoint server-side request forgery

A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyzeapispec/generatetestscenarios/testhttpendpoint of the file src/mcp/http-server.ts of the component HTTP Interface. This manipulation of the argument source/url causes server-side request forgery. T...

7.5CVSS5.4AI score0.00288EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.4 views

CVE-2026-5532

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS6.2AI score0.01449EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.6 views

CVE-2026-22662

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS6AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/04/05 2:16 a.m.7 views

CVE-2026-5532

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS0.01449EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/05 1:15 a.m.5 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS6.2AI score0.01449EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/05 1:15 a.m.34 views

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

7.5CVSS0.01449EPSS
Exploits0References4
CVE
CVE
added 2026/04/05 1:15 a.m.15 views

CVE-2026-5532

The CVE-2026-5532 entry concerns ScrapeGraphAI scrapegraph-ai (up to version 1.74.0). The vulnerable element is the function create_sandbox_and_execute in scrapegraphai/nodes/generate_code_node.py of the GenerateCodeNode Component, where manipulation leads to an OS command injection. The attack c...

7.5CVSS6.2AI score0.01449EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.5 views

PT-2026-30403

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create sandbox and execute of the file scrapegraphai/nodes/generate code node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack m...

7.5CVSS5.6AI score0.01449EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/03 10:21 p.m.6 views

Server-side Request Forgery (SSRF)

Overview prompts.chat is a Developer toolkit for AI prompts - build, validate, parse, and connect to prompts.chat Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Wiro media-generate plugin. An attacker can access internal network resources and exfiltra...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References2
NVD
NVD
added 2026/04/03 9:17 p.m.5 views

CVE-2026-22662

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS0.00195EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:27 p.m.2 views

CVE-2026-22662

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS6AI score0.00195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/03 8:27 p.m.3 views

CVE-2026-22662 prompts.chat Blind SSRF via media-generate

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS6AI score0.00195EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 8:27 p.m.3 views

CVE-2026-22662 prompts.chat Blind SSRF via media-generate

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS6AI score0.00195EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30226

prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests...

5.3CVSS6AI score0.00195EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/02 12:31 p.m.5 views

EUVD-2026-18173

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary dat...

7.2CVSS6AI score0.005EPSS
Exploits0References3
CVE
CVE
added 2026/04/02 8:59 a.m.14 views

CVE-2026-33613

CVE-2026-33613 concerns MB Connect Line mbCONNECT24 with a remote code execution in the generateSrpArray function caused by improper neutralisation of special elements in an OS command. The vulnerability allows an attacker to achieve full system compromise, but only if there is another path to wr...

8.8CVSS6AI score0.005EPSS
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/03/31 11:43 p.m.7 views

Insufficient Entropy

Overview openssl-encrypt is an A package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on users provided password to ensure secure encryption of files Affected versions of this...

8.7CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder