Lucene search
K

2345 matches found

CVE
CVE
added 2026/03/29 12:44 p.m.14 views

CVE-2026-32979

OpenClaw CVE-2026-32979 affects versions prior to 2026.3.11, where an approval integrity vulnerability enables attackers to execute rewritten local code by modifying scripts between approval and execution when exact file binding cannot occur. Remote attackers can alter approved local scripts befo...

7.3CVSS6.4AI score0.00132EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/03/29 12:51 a.m.5 views

[SECURITY] Fedora 43 Update: python3.13-3.13.12-2.fc43

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

7.1CVSS5.9AI score0.00308EPSS
Exploits0
Fedora
Fedora
added 2026/03/29 12:51 a.m.10 views

[SECURITY] Fedora 43 Update: python3.11-3.11.15-2.fc43

Python 3.11 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.11 package provides the "python3.11" executable:...

7.1CVSS5.9AI score0.00308EPSS
Exploits0
Fedora
Fedora
added 2026/03/29 12:18 a.m.6 views

[SECURITY] Fedora 44 Update: python3.13-3.13.12-2.fc44

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

7.1CVSS5.9AI score0.00308EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

10CVSS6.2AI score0.01993EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 12:0 a.m.20 views

CVE-2026-30303

The command auto-approval module in Axon Code contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

0.01376EPSS
Exploits0References2
CVE
CVE
added 2026/03/27 12:0 a.m.8 views

CVE-2026-30302

The CVE-2026-30302 entry describes an OS Command Injection in CodeRider-Kilo’s command auto-approval module. The root cause is the use of a Unix-based shell-quote parser to analyze Windows commands and improper handling of Windows CMD escape sequences (^). Attackers can craft payloads such as git...

10CVSS6.2AI score0.01993EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.6 views

CVE-2026-4516

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS6.2AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/24 8:31 p.m.4 views

CVE-2026-32948

A flaw was found in sbt, a build tool for Scala and Java. On Windows, sbt uses the cmd /c command interpreter to execute version control system VCS commands. A remote attacker can exploit this by providing a specially crafted URI fragment such as a branch, tag, or revision name in the build...

7.8CVSS6AI score0.00304EPSS
Exploits1References7
Snyk
Snyk
added 2026/03/21 4:37 p.m.3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the DataInterpreter component. An attacker can execute arbitrary code by injecting malicious inp...

6.5CVSS6.9AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/03/21 3:17 p.m.5 views

CVE-2026-4516

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS0.00246EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:2 p.m.4 views

CVE-2026-4516

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS5.4AI score0.00246EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/21 3:2 p.m.3 views

CVE-2026-4516 Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS5.4AI score0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/21 3:2 p.m.33 views

CVE-2026-4516 Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

6.5CVSS0.00246EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.6 views

PT-2026-26920

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write analysis code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has...

6.5CVSS6.2AI score0.00246EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.11 views

CPython 安全漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability that stems from the webbrowser.open API accepting leading dashes in URLs. This could allow certain web browsers to treat these URLs as command-line options, resulting in securi...

7CVSS6.7AI score0.00308EPSS
Exploits0References6
OSV
OSV
added 2026/03/19 1:0 a.m.3 views

CVE-2026-31995 OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true,...

5.8CVSS6.3AI score0.00525EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/03/17 4:39 p.m.10 views

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence AI code execution environments using domain name system DNS queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's...

9.8CVSS7.8AI score0.01534EPSS
Exploits2
HackRead
HackRead
added 2026/03/16 11:13 p.m.7 views

Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter

AWS Bedrock AI tool flaw allows data leaks via DNS queries in AgentCore Code Interpreter sandbox, exposing sensitive cloud data, researchers warn...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.10 views

CPython 安全漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has security vulnerabilities; these vulnerabilities arise when parsing inline document type definitions that contain deeply nested content models, potentially leading to C stack overflows...

6CVSS5.8AI score0.00621EPSS
Exploits0References7
Rows per page
Query Builder