CVE-2026-41265

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...

CVE-2026-31231

Cognee thru v0.4.0 contains a critical remote code execution vulnerability in its notebook cell execution API endpoint. The endpoint is designed to execute arbitrary Python code provided by the user, but it does so using the unsafe exec function without any sandboxing, validation, or security...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, contained a security vulnerability. This vulnerability stemmed from the lack of proper sandboxing mechanisms in the run method of the CSVAgents class,...

vanna Code Injection Vulnerability

Vanna is a personalized AI SQL agent from Vanna. vanna suffers from a code injection vulnerability that stems from a lack of sandboxing for executing LLM-generated code, which allows an attacker to manipulate the exec function in src/vanna/base/base.py, which can be exploited by an attacker to...