CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2024-0100

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00527EPSS

Exploits1References3

RedhatCVE•added 2025/05/23 9:42 a.m.•7 views

CVE-2024-23750

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

8.8CVSS7.8AI score0.00527EPSS

Exploits1References1

Veracode•added 2024/01/24 10:40 a.m.•20 views

Arbitrary Code Execution

metagpt is vulnerable to Arbitrary Code Execution. The vulnerability is due to the 'RunCode.runscript function passing shell metacharacters to subprocess.Popen caused by improper prompt santization. A user with the QaEngineer role can execute arbitrary code...

8.8CVSS7.5AI score0.00527EPSS

Exploits1References2Affected Software1

OSV•added 2024/01/22 3:30 a.m.•16 views

GHSA-G7PH-8423-PF4J Code execution in metagpt

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

8.8CVSS8.9AI score0.00527EPSS

Exploits1References4

NVD•added 2024/01/22 1:15 a.m.•10 views

CVE-2024-23750

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

8.8CVSS9AI score0.00527EPSS

Exploits1References1

OSV•added 2024/01/22 1:15 a.m.•14 views

CVE-2024-23750

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

8.8CVSS9AI score

Exploits0References1

Prion•added 2024/01/22 1:15 a.m.•11 views

Design/Logic Flaw

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

6.5CVSS8AI score0.00527EPSS

Exploits1References1Affected Software1

OSV•added 2024/01/22 1:15 a.m.•24 views

PYSEC-2024-9

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

8.8CVSS7.9AI score0.00527EPSS

Exploits1References1

PyPA•added 2024/01/22 1:15 a.m.•4 views

PYSEC-2024-9

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

8.8CVSS8AI score0.00527EPSS

Exploits1References1Affected Software1

CVE•added 2024/01/22 12:0 a.m.•44 views

CVE-2024-23750

Summary: CVE-2024-23750 affects MetaGPT (0.6.4 and earlier). The root cause is in RunCode.run_script(), which passes shell metacharacters to subprocess.Popen, enabling arbitrary code execution by the QaEngineer role. Impact: full code execution with high severity (CVSS 3.1 base score 8.8) as indi...

8.8CVSS8.9AI score0.00527EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2024/01/22 12:0 a.m.•2 views

CVE-2024-23750

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

9AI score0.00527EPSS

Exploits1References1

Cvelist•added 2024/01/22 12:0 a.m.•12 views

CVE-2024-23750

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

9.2AI score0.00527EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by