6 matches found
CVE-2026-40153
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...
PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
Summary The executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This allows exfiltration of secrets stored in environment variabl...
CVE-2026-40153
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...
PT-2026-31792
Name of the Vulnerable Software and Affected Versions PraisonAIAgents versions prior to 1.5.128 Description PraisonAIAgents is a multi-agent teams system. The execute command function in shell tools.py calls os.path.expandvars on every command argument, allowing exfiltration of secrets stored in...
Python and Go Top the Chart of 2019’s Most Popular Hacking Tools
Imperva Cloud WAF protects over a hundred thousand websites globally and observes around a billion of attacks daily. We detect thousands of hacking tools on a daily basis and employ various measures to stop malicious requests. Here are the most dangerous tools and attacks we discover while...
shtool shell tools set synbolic links problem
gentmpfile symbolic links problem...