CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

978 matches found

GithubExploit•added 2026/04/30 8:38 p.m.•74 views

Exploit for CVE-2026-31431

Copy Fail PoC English Python PoC for CVE-2026-31431,...

7.8CVSS5.7AI score0.96775EPSS

Exploits227

Github Security Blog•added 2026/04/29 9:21 p.m.•11 views

n8n has a Python Task Runner Sandbox Escape Vulnerability

Impact An authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. - This issue only affects instances where the Python Task Runner is enabled. Patches The issue has...

8.8CVSS6.4AI score0.00377EPSS

Exploits0References3Affected Software1

GithubExploit•added 2026/04/27 8:29 a.m.•84 views

Sentinal-ai

Sentinal-ai Free, offline...

5.7AI score

Exploits0

Cvelist•added 2026/04/23 7:5 p.m.•31 views

CVE-2026-41138 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas.

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...

8.3CVSS0.00603EPSS

Exploits1References1

Positive Technologies•added 2026/04/23 12:0 a.m.•2 views

PT-2026-34730

8.3CVSS8AI score0.00603EPSS

Exploits1References2

CNNVD•added 2026/04/22 12:0 a.m.•6 views

Red Hat Enterprise Linux AI 安全漏洞

Red Hat Enterprise Linux AI is a Linux distribution created by the American company Red Hat for generative AI. Red Hat Enterprise Linux AI RHEL AI 3 has a security vulnerability. This vulnerability stems from the linuxtrain.py script, which loads models from HuggingFace by hardcoding...

8.8CVSS6.2AI score0.00353EPSS

Exploits0References1

Github Security Blog•added 2026/04/20 6:31 a.m.•4 views

AgentScope Vulnerable to Remote Code Injection

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

7.5CVSS7.1AI score0.00311EPSS

Exploits0References6Affected Software1

OSV•added 2026/04/20 6:31 a.m.•1 views

GHSA-CR24-FV3H-8CJM AgentScope Vulnerable to Remote Code Injection

7.3CVSS5.5AI score0.00311EPSS

Exploits0References6

Vulnrichment•added 2026/04/20 4:0 a.m.•1 views

CVE-2026-6603 modelscope agentscope _python.py execute_shell_command code injection

7.5CVSS6.8AI score0.00311EPSS

Exploits0References4

CNNVD•added 2026/04/20 12:0 a.m.•8 views

AgentScope 安全漏洞

AgentScope is an open-source application developed by ModelScope. It simplifies the development of multi-agent applications based on LLMs. Versions of AgentScope prior to 1.0.18 contain security vulnerabilities, which stem from incorrect operations on the function...

7.5CVSS7.2AI score0.00311EPSS

Exploits0References1

Snyk•added 2026/04/16 9:43 p.m.•2 views

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection through the pythonCodeValidator and the Python execution paths in AirtableAgent.ts and CSVAgent.ts. An attacker can supply LLM-generated Python code that smuggles in...

8.8CVSS6.1AI score0.00603EPSS

Exploits1References2

Packet Storm News•added 2026/04/15 12:0 a.m.•2 views

RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code

How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories educational and Capture-The-Flag applications with 796...

5.8AI score

Exploits0

Veracode•added 2026/04/11 5:35 a.m.•4 views

Eval Injection

Agno is vulnerable to Eval Injection. The vulnerability is due to unsafe use of eval on the fieldtype parameter without proper validation, which allows an attacker to execute arbitrary Python code by manipulating input...

9.8CVSS5.8AI score0.00852EPSS

Exploits0References2Affected Software1

Github Security Blog•added 2026/04/10 7:26 p.m.•5 views

PraisonAI Vulnerable Untrusted Remote Template Code Execution

PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. --- Description When a user installs a template from a remote source e.g., GitHub,...

9.6CVSS6.3AI score0.00304EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2026/04/06 11:9 p.m.•5 views

PraisonAI Has Path Traversal in FileTools

Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...

9.2CVSS6.1AI score0.00416EPSS

Exploits1References4Affected Software1

EUVD•added 2026/04/02 3:31 p.m.•2 views

EUVD-2026-18334

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.3CVSS6.7AI score0.00852EPSS

Exploits0References4

Github Security Blog•added 2026/04/02 3:31 p.m.•4 views

Agno is vulnerable to Eval Injection

9.8CVSS6.8AI score0.00852EPSS

Exploits0References5Affected Software1