Lucene search
K

20 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-7115

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00525EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6821

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00534EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/22 1:7 p.m.5 views

CVE-2024-10457

Multiple Server-Side Request Forgery SSRF vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled...

6.5CVSS7.3AI score0.00525EPSS
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.3 views

CVE-2024-10457

Multiple Server-Side Request Forgery SSRF vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled...

6.5CVSS0.00525EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 10:11 a.m.6 views

CVE-2024-10457 SSRF Vulnerabilities in significant-gravitas/autogpt

Multiple Server-Side Request Forgery SSRF vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled...

6.5CVSS6.6AI score0.00525EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.10 views

CVE-2024-10457 SSRF Vulnerabilities in significant-gravitas/autogpt

Multiple Server-Side Request Forgery SSRF vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled...

6.5CVSS0.00525EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.5 views

CVE-2024-10457 SSRF Vulnerabilities in significant-gravitas/autogpt

Multiple Server-Side Request Forgery SSRF vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search blocks. These vulnerabilities affect version agpt-platform-beta-v0.1.1. The issues arise when block inputs are controlled...

6.5CVSS6.8AI score0.00525EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.17 views

CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt

A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

7.5CVSS0.00534EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.9 views

CVE-2025-0454 SSRF Check Bypass in Requests Utility in significant-gravitas/autogpt

A Server-Side Request Forgery SSRF vulnerability was identified in the Requests utility of significant-gravitas/autogpt versions prior to v0.4.0. The vulnerability arises due to a hostname confusion between the urlparse function from the urllib.parse library and the requests library. A malicious...

7.5CVSS7.6AI score0.00534EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:9 a.m.53 views

CVE-2024-8156

CVE-2024-8156 describes a command injection in the workflow-checker.yml of significant-gravitas/autogpt. The vulnerability arises from insecure use of untrusted input github.head.ref, allowing an attacker to inject arbitrary commands. Affected: significant-gravitas/autogpt, all versions up to the...

9.8CVSS8.8AI score0.01666EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.8 views

PT-2025-12316 · Significant Gravitas +1 · Autogpt +2

Name of the Vulnerable Software and Affected Versions: significant-gravitas/autogpt versions prior to v0.4.0 Description: A Server-Side Request Forgery SSRF issue was identified, arising from a hostname confusion between the urlparse function from the urllib.parse library and the requests library...

7.5CVSS7.3AI score0.00534EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2024/09/11 12:49 p.m.21 views

CVE-2024-6091 Shell Command Denylist Bypass in significant-gravitas/autogpt

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executin...

9.8CVSS7AI score0.00812EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/09/11 12:49 p.m.44 views

CVE-2024-6091 Shell Command Denylist Bypass in significant-gravitas/autogpt

A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executin...

9.8CVSS0.00812EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/06/06 6:39 p.m.13 views

CVE-2024-1880 OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the speech method of the...

7.8CVSS8AI score0.01017EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 6:39 p.m.14 views

CVE-2024-1880 OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the speech method of the...

7.8CVSS7.8AI score0.01017EPSS
Exploits1References4
CVE
CVE
added 2024/06/06 6:39 p.m.68 views

CVE-2024-1880

CVE-2024-1880 concerns the significant-gravitas/autogpt project, where the MacOSTTS component (MacOS Text-To-Speech) in the _speech method uses os.system to run the say command with user-supplied text. This allows OS command injection and potential arbitrary code execution when AutoGPT is run wit...

7.8CVSS7.9AI score0.01017EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/06/06 6:39 p.m.34 views

CVE-2024-1880 OS Command Injection in MacOS Text-To-Speech Class in significant-gravitas/autogpt

An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the speech method of the...

7.8CVSS0.01017EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 6:19 p.m.25 views

CVE-2024-1881 Improper Neutralization of Special Elements used in an OS Command in significant-gravitas/autogpt

AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command 'OS Command Injection' due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not...

8.8CVSS6.1AI score0.01427EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/06/06 5:53 p.m.13 views

CVE-2024-1879 CSRF to RCE in significant-gravitas/autogpt

A Cross-Site Request Forgery CSRF vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a us...

8.8CVSS7.7AI score0.00524EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.5 views

Auto-GPT Operating System Command Injection Vulnerability

Auto-GPT is an artificial intelligence software agent program open-sourced by Significant Gravitas. An operating system command injection vulnerability exists in Auto-GPT version 0.5.0 and earlier, which stems from an improper neutralization of special elements used in operating system commands,...

7.8CVSS8.1AI score0.01017EPSS
Exploits1References3
Rows per page
Query Builder