8 matches found
Agions taskflow-ai vulnerable to OS command injection in src/mcp/server/handlers.ts
A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/mcp/server/handlers.ts of the component terminalexecute. Performing a manipulation results in OS command injection. The attack can be carried out remotely. Upgrading ...
TaskFlow AI Operating System Command Injection Vulnerability
TaskFlow AI is an AI thinking flow orchestration and visualization engine developed by Agions’ individual developers. TaskFlow AI versions 2.1.8 and earlier contain an operating system command injection vulnerability. This vulnerability stemmed from an unknown function in t...
(Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure Vulnerability
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the handling of Protobuf messages within multiple server handlers due to missing nil-pointer validation after unmarshalling. An attacker can cause the server process to terminate unexpectedly by sending a...
PT-2026-5723
Name of the Vulnerable Software and Affected Versions OpenList Frontend versions prior to 4.1.10 Description The OpenList Frontend application contains a path traversal flaw in multiple file operation handlers within the server/handles/fsmanage.go file. The application directly concatenates...
CVE-2024-1558
A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the _create_model_version function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
CVE-2024-1558
CVE-2024-1558 (mlflow/mlflow) describes a path traversal vulnerability in the function _create_model_version() in server/handlers.py due to improper validation of the source parameter. Attackers can bypass the check in _validate_non_local_source_contains_relative_paths(source) and gain arbitrary ...