CVE-2026-48703

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

CVE-2026-48703 Warp: Command Injection via Warp code search tool arguments

Warp is an agentic development environment. From 0.2025.04.09.08.11.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions are authorized as read/search operations, but their implementations...

CVE-2026-34939 PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.searchtools compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python...

CVE-2026-34939

PraisonAI is vulnerable to a Regular Expression Denial of Service (ReDoS) through MCPToolIndex.search_tools(), where the function compiles a caller-supplied string directly into a Python regex with no validation or timeout. A crafted pattern can trigger catastrophic backtracking, blocking the Pyt...

Regular Expression Denial of Service (ReDoS)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVE-2026-2286

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...

CVE-2026-2286

CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime...

CVE-2026-2286

CVE-2026-2286 affects CrewAI ecosystem through a server-side request forgery (SSRF) vulnerability in the RAG search tooling, enabling an attacker to access internal and cloud resources by supplying crafted URLs at runtime. Connected advisories confirm the vulnerability in the CrewAI stack, includ...

Exploiting Web Search Tools of AI Agents for Data Exfiltration

Large language models LLMs are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The usage of tool-calling and Retrieval Augmented Generation RAG allows LLMs to process and retrieve sensitive corporate data, amplifyi...

The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search search engine and the Oracle Commerce Experience Manager user environment management tool allows a perpetrator to gain access to and modify data.

The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system, as well as the Oracle Commerce Experience Manager user environment management tool, exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to ga...

SolarWinds Log & Event Manager for Log Management and SEIM Security

SolarWinds® Log & Event Manager LEM, a full-function Security & Information Event Management SIEM solution, delivers powerful log management capabilities in a highly affordable, easy-to-deploy virtual appliance. SolarWinds LEM combines real-time log analysis, event correlation, and a groundbreaki...