Lucene search
K

31247 matches found

OSV
OSV
added 2026/01/30 8:38 p.m.4 views

GHSA-JFPC-WJ3M-QW2M CAI find_file Agent Tool has Command Injection Vulnerability Through Argument Injection

Summary The CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with shell=True, allowing attackers to execute arbitrary commands on the host system. Vulnerable...

9.6CVSS6.2AI score0.008EPSS
Exploits3References5
EUVD
EUVD
added 2026/01/30 8:15 p.m.6 views

EUVD-2026-5008

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6CVSS6.2AI score0.008EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2026/01/30 8:15 p.m.5 views

CVE-2026-25130

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6CVSS6.2AI score0.008EPSS
Exploits3References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/30 8:15 p.m.6 views

CVE-2026-25130 Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6CVSS6AI score0.008EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/01/30 8:15 p.m.28 views

CVE-2026-25130 Cybersecurity AI vulnerable to command Injection through argument injection in find_file Agent tool

Cybersecurity AI CAI is a framework for AI Security. In versions up to and including 0.5.10, the CAI Cybersecurity AI framework contains multiple argument injection vulnerabilities in its function tools. User-controlled input is passed directly to shell commands via subprocess.Popen with...

9.6CVSS0.008EPSS
Exploits3References3
CVE
CVE
added 2026/01/30 8:15 p.m.33 views

CVE-2026-25130

CVE-2026-25130 affects the Cybersecurity AI (CAI) framework up to version 0.5.10. The vulnerability is in the find_file() tool (src/cai/tools/reconnaissance/filesystem.py): user-controlled input is concatenated into a shell command using a plain f-string and run via shell=True, enabling argument ...

9.6CVSS6.2AI score0.008EPSS
Exploits3References3
OSV
OSV
added 2026/01/30 4:36 p.m.1 views

CLEANSTART-2026-QD78411 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the elastic-beats-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00579EPSS
Exploits1References5
OSV
OSV
added 2026/01/30 4:35 p.m.9 views

CLEANSTART-2026-AX77726 vulnerability was found in PAM

Multiple security vulnerabilities affect the gitlab-shell-fips package. A vulnerability was found in PAM. See references for individual vulnerability details...

9.8CVSS8.5AI score0.00265EPSS
Exploits0References5
OSV
OSV
added 2026/01/30 4:29 p.m.9 views

CLEANSTART-2026-TF33105 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the minio-client-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS8.5AI score0.05623EPSS
Exploits1References15
OSV
OSV
added 2026/01/30 4:11 p.m.3 views

CLEANSTART-2026-XR17407 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.7AI score0.0056EPSS
Exploits1References20
OSV
OSV
added 2026/01/30 4:8 p.m.8 views

CLEANSTART-2026-ZM51114 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.8AI score0.0056EPSS
Exploits1References17
OSV
OSV
added 2026/01/30 4:5 p.m.4 views

CLEANSTART-2026-WP20592 SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption

Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability...

9.8CVSS5.8AI score0.0056EPSS
Exploits1References17
OSV
OSV
added 2026/01/30 4:1 p.m.3 views

CLEANSTART-2026-WQ07901 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the argo-cd-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.6AI score0.04518EPSS
Exploits4References44
OSV
OSV
added 2026/01/30 3:52 p.m.4 views

CLEANSTART-2026-OH86281 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00579EPSS
Exploits2References17
OSV
OSV
added 2026/01/30 3:50 p.m.2 views

CLEANSTART-2026-EJ58111 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-cmctl-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00579EPSS
Exploits2References14
OSV
OSV
added 2026/01/30 3:47 p.m.3 views

CLEANSTART-2026-AD41794 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cert-manager-webhook-pdns-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00579EPSS
Exploits1References7
OSV
OSV
added 2026/01/30 3:47 p.m.2 views

CLEANSTART-2026-SV79070 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cloudnative-pg-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00579EPSS
Exploits3References11
OSV
OSV
added 2026/01/30 3:47 p.m.7 views

CLEANSTART-2026-ZP68963 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cloudnative-pg-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00579EPSS
Exploits3References11
OSV
OSV
added 2026/01/30 3:45 p.m.17 views

CLEANSTART-2026-RX06615 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cloudnative-pg-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00579EPSS
Exploits3References11
OSV
OSV
added 2026/01/30 3:44 p.m.11 views

CLEANSTART-2026-BS24435 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the cloudnative-pg-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00579EPSS
Exploits3References11
Rows per page
Query Builder