Lucene search
K

3014 matches found

CVE
CVE
added 2026/04/20 4:0 a.m.20 views

CVE-2026-6603

CVE-2026-6603 affects modelscope agentscope up to version 1.0.18. The vulnerability targets the function execute_python_code/execute_shell_command in src/AgentScope/tool/_coding/_python.py, enabling code injection due to the underlying manipulation. The attack is described as remotely exploitable...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 4:0 a.m.4 views

CVE-2026-6603 modelscope agentscope _python.py execute_shell_command code injection

A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function executepythoncode/executeshellcommand of the file src/AgentScope/tool/coding/python.py. This manipulation causes code injection. The attack is possible to be carried out remotely...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.6 views

CVE-2026-5973

A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function getmimetype of the file metagpt/utils/common.py. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The project was...

9.8CVSS6.7AI score0.02283EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.5 views

CVE-2026-6125

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.5CVSS5.5AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.5 views

CVE-2026-6110

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

9.8CVSS5.5AI score0.00409EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/12 12:30 p.m.6 views

EUVD-2026-21729

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.5CVSS6.3AI score0.00301EPSS
Exploits0References6
NVD
NVD
added 2026/04/12 10:16 a.m.3 views

CVE-2026-6125

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.5CVSS0.00301EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/12 9:30 a.m.3 views

CVE-2026-6125

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.5CVSS6.3AI score0.00301EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/12 9:30 a.m.18 views

CVE-2026-6125

Affected software: Dromara warm-flow up to version 1.8.4. Vulnerable component: SpelHelper.parseExpression in /warm-flow/save-json of the Workflow Definition Handler. Issue: argument manipulation of listenerPath/skipCondition/permissionFlag enables code injection. Impact: remote attacker could ex...

6.5CVSS6.3AI score0.00301EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/12 9:30 a.m.36 views

CVE-2026-6125 Dromara warm-flow Workflow Definition save-json SpelHelper.parseExpression code injection

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.5CVSS0.00301EPSS
Exploits0References5
OSV
OSV
added 2026/04/12 3:30 a.m.4 views

GHSA-XR7V-M9PX-Q4QJ MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.3CVSS6.7AI score0.00409EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/04/12 3:30 a.m.12 views

MetaGPT has an eval injection in metagpt/strategy/tot.py

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

9.8CVSS6.7AI score0.00409EPSS
Exploits1References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/12 2:0 a.m.3 views

CVE-2026-6110 FoundationAgents MetaGPT Tree-of-Thought Solver tot.py generate_thoughts code injection

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generatethoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is...

7.5CVSS5.5AI score0.00409EPSS
Exploits1References6
CVE
CVE
added 2026/04/12 2:0 a.m.19 views

CVE-2026-6110

CVE-2026-6110 affects FoundationAgents MetaGPT (Tree-of-Thought Solver) up to version 0.8.1/0.8.2, with the vulnerability located in generate_thoughts (metagpt/strategy/tot.py). The described manipulation enables code injection and remote initiation of an attack. Public exploit content exists and...

9.8CVSS6.8AI score0.00409EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.11 views

PT-2026-32143

Name of the Vulnerable Software and Affected Versions FoundationAgents MetaGPT versions up to 0.8.1 Description A code injection issue exists in FoundationAgents MetaGPT up to version 0.8.1. The issue is located in the generate thoughts function within the metagpt/strategy/tot.py file of the...

9.8CVSS7.1AI score0.00409EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/04/12 12:0 a.m.7 views

PT-2026-32157

A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The manipulation of the argument listenerPath/skipCondition/permissionFlag results in code...

6.5CVSS6.3AI score0.00301EPSS
Exploits0References6
CVE
CVE
added 2026/04/10 6:0 a.m.17 views

CVE-2026-6027

CVE-2026-6027 affects Totolink A7100RU (firmware 7.4cu.2313_b20191024). The vulnerability is in the CGI Handler’s /cgi-bin/cstecgi.cgi, function setUrlFilterRules, where manipulating the enable argument can trigger an os command injection. The issue is exploitable remotely, and public exploit inf...

10CVSS7AI score0.02499EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/09 6:31 p.m.10 views

MetaGPT has an Injection issue

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

9.8CVSS6.9AI score0.00387EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2026/04/09 6:17 p.m.3 views

CVE-2026-5970

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

9.8CVSS0.00387EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/09 5:0 p.m.1 views

CVE-2026-5970 FoundationAgents MetaGPT HumanEvalBenchmark/MBPPBenchmark check_solution code injection

A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function checksolution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in code injection. The attack may be initiated remotely. The exploit is now public and may be used. Th...

7.5CVSS6.8AI score0.00387EPSS
Exploits1References6
Rows per page
Query Builder