CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

78 matches found

GithubExploit•added 5 days ago•46 views

Exploit for XPath Injection in Huggingface Smolagents

🔐 Smolagents XPath Injection Simulation Framework CVE-2025-11...

5.4CVSS6AI score0.0005EPSS

Exploits2

RedhatCVE•added 2026/03/28 11:9 p.m.•0 views

CVE-2026-4963

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

7.6CVSS6.3AI score0.00084EPSS

Exploits1References1

Snyk•added 2026/03/27 7:26 p.m.•2 views

Arbitrary Code Injection

Overview smolagents is a 🤗 smolagents: a barebones library for agents. Agents write python code to call tools or orchestrate other agents. Affected versions of this package are vulnerable to Arbitrary Code Injection through the LocalPythonExecutor in the localpythonexecutor.py component. An...

10CVSS7AI score0.00019EPSS

Exploits1References2

vulnersOsv•added 2026/03/27 6:31 p.m.•2 views

a2a-smol-adapter (=0.1.0), agent-lifecycle-toolkit (>=0.2.1 <=0.10.1) +100 more potentially affected by CVE-2026-4963 via smolagents (>=0.1.3 <=1.24.0)

smolagents PYPI version =0.1.3, =0.2.1, =0.1.0, =0.1.5, =0.1.6, =0.0.1, =0.3.4, =1.0.0, =1.0.1 and more Source cves: CVE-2026-4963 Source advisory: OSV:GHSA-54FQ-V6X8-244G...

10CVSS6.5AI score0.00019EPSS

Exploits1

EUVD•added 2026/03/27 6:31 p.m.•1 views

EUVD-2026-16726

7.6CVSS6.3AI score0.00084EPSS

Exploits1References8

Github Security Blog•added 2026/03/27 6:31 p.m.•4 views

Hugging Face Smolagents has an Injection issue

10CVSS6.3AI score0.00019EPSS

Exploits1References9Affected Software1

OSV•added 2026/03/27 6:31 p.m.•0 views

GHSA-54FQ-V6X8-244G Hugging Face Smolagents has an Injection issue

6.3CVSS5.6AI score0.00019EPSS

Exploits1References9

NVD•added 2026/03/27 5:16 p.m.•1 views

CVE-2026-4963

10CVSS0.00019EPSS

Exploits1References7

ATTACKERKB•added 2026/03/27 5:5 p.m.•0 views

CVE-2026-4963

7.6CVSS6.3AI score0.00084EPSS

Exploits1References7Affected Software1

CVE•added 2026/03/27 5:5 p.m.•12 views

CVE-2026-4963

CVE-2026-4963 affects huggingface smolagents 1.25.0.dev0, specifically the LocalPythonExecutor in src/smolagents/local_python_executor.py (evaluate_augassign/evaluate_call/evaluate_with). Root cause is a code injection vulnerability that can be triggered remotely. Public exploits exist; multiple ...

10CVSS6.3AI score0.00019EPSS

Exploits1References7Affected Software1

Cvelist•added 2026/03/27 5:5 p.m.•22 views

CVE-2026-4963 huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection

7.5CVSS0.00019EPSS

Exploits1References7

Vulnrichment•added 2026/03/27 5:5 p.m.•2 views

CVE-2026-4963 huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection

7.5CVSS6.3AI score0.00019EPSS

Exploits1References7

Positive Technologies•added 2026/03/27 12:0 a.m.•0 views

PT-2026-28689

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate augassign/evaluate call/evaluate with of the file src/smolagents/local python executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible...

7.6CVSS5.7AI score0.00084EPSS

Exploits1References8

CNNVD•added 2026/03/27 12:0 a.m.•2 views

smolagents 安全漏洞

smolagents is a basic library for agents, open-sourced by Hugging Face. Version smolagents 1.25.0.dev0 contains a security vulnerability, which stems from incorrect operations on functions in the file src/smolagents/localpythonexecutor.py, potentially leading to code injection...

10CVSS6.7AI score0.00019EPSS

Exploits1References8

RedhatCVE•added 2026/02/19 7:21 p.m.•3 views

CVE-2026-2654

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

9.8CVSS5.4AI score0.00021EPSS

Exploits1References1

vulnersOsv•added 2026/02/18 3:31 p.m.•2 views

a2a-smol-adapter (=0.1.0), agent-lifecycle-toolkit (>=0.2.1 <=0.10.1) +100 more potentially affected by CVE-2026-2654 via smolagents (>=0.1.3 <=1.24.0)

smolagents PYPI version =0.1.3, =0.2.1, =0.1.0, =0.1.5, =0.1.6, =0.0.1, =0.3.4, =1.0.0, =1.0.1 and more Source cves: CVE-2026-2654 Source advisory: OSV:GHSA-JXGV-6J54-WWC7...

9.8CVSS6.5AI score0.00021EPSS

Exploits1

OSV•added 2026/02/18 3:31 p.m.•1 views

GHSA-JXGV-6J54-WWC7 Hugging Face Smolagents has a Server-Side Request Forgery issue

6.3CVSS6.3AI score0.00021EPSS

Exploits1References7

Github Security Blog•added 2026/02/18 3:31 p.m.•5 views

Hugging Face Smolagents has a Server-Side Request Forgery issue

9.8CVSS5.5AI score0.00021EPSS

Exploits1References7Affected Software1

Snyk•added 2026/02/18 3:2 p.m.•1 views

Server-side Request Forgery (SSRF)

Overview smolagents is a 🤗 smolagents: a barebones library for agents. Agents write python code to call tools or orchestrate other agents. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via requests.post in LocalPythonExecutor, which doesn't filter outgoing...

9.8CVSS5.9AI score0.00021EPSS

Exploits1References2

vulnersOsv•added 2026/02/18 3:2 p.m.•1 views

a2a-smol-adapter (=0.1.0), agent-lifecycle-toolkit (>=0.2.1 <=0.10.1) +101 more potentially affected by CVE-2026-2654 via smolagents (>=0.1.3 <=1.9.2)

smolagents PYPI version =0.1.3, =0.2.1, =0.1.0, =0.1.5, =0.1.6, =0.0.1, =0.3.4, =1.0.0, =1.0.1 and more Source cves: CVE-2026-2654 Source advisory: SNYK:PYTHON-SMOLAGENTS-15307834...

9.8CVSS6.5AI score0.00021EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by