CVE-2026-27961

Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...

EUVD-2026-8817

Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...

CVE-2026-27961

Agenta (open-source LLMOps platform) has a Server-Side Template Injection (SSTI) vulnerability in API server evaluator templates for versions prior to 0.86.8. The vulnerable code runs server-side within the API process (SDK code executed server-side) and does not affect standalone SDK usage; impa...

EUVD-2023-23567

Malicious code in bioql PyPI...

CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...