7 matches found

Wallarm Lab
added 2026/04/22 12:0 p.m., 5 views

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap...

AI score 5.9
Exploits: 0
Cvelist
added 2026/04/08 8:46 p.m., 19 views

CVE-2026-39891 PraisonAI has a Template Injection in Agent Tool Definitions

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools function returns tools like acp_create_file that process file content using template rendering. When user input from agent.start is passed directly into these tools without escaping, template expressions in the...

CVSS 8.8, EPSS 0.00023
Exploits: 1, References: 1
CVE
added 2026/04/08 8:46 p.m., 4 views

CVE-2026-39891

PraisonAI’s multi-agent system contains a template injection in the create_agent_centric_tools() function prior to version 4.5.115. Tools such as acp_create_file process file content via template rendering, and user input from agent.start() could be rendered as template expressions instead of bei...

CVSS 8.8, AI score 5.9, EPSS 0.00023
Exploits: 1, References: 1, Affected Software: 1
Github Security Blog
added 2026/04/08 7:21 p.m., 2 views

PraisonAI has Template Injection in Agent Tool Definitions

Summary: Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. Details: The create_agent_centric_tools function returns tools like acp_create_file that process file content using template rendering. When user inpu...

CVSS 8.8, AI score 6.6, EPSS 0.00023
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2026/04/08 7:21 p.m., 0 views

EUVD-2026-20639

PraisonAI has Template Injection in Agent Tool Definitions...

CVSS 8.8, AI score 5.9, EPSS 0.00023
Exploits: 1, References: 2
Veracode
added 2025/11/06 9:25 a.m., 2 views

Command Injection

adb-mcp Server is vulnerable to Command Injection. The vulnerability is due to improper handling of user-supplied input in certain MCP Server tool definitions and implementations, which allows an attacker to inject and execute arbitrary system commands...

CVSS 9.8, AI score 7.5, EPSS 0.01795
Exploits: 1, References: 3, Affected Software: 1
Packet Storm News
added 2025/06/02 12:0 a.m., 2 views

ETDI: Mitigating Tool Squatting and Rug Pull Attacks in Model Context Protocol (MCP) by Using OAuth-Enhanced Tool Definitions and Policy-Based Access Control

The Model Context Protocol (MCP) plays a crucial role in extending the capabilities of Large Language Models (LLMs) by enabling integration with external tools and data sources. However, the standard MCP specification presents significant security vulnerabilities, notably Tool Poisoning and Rug Pull...

AI score 6.8
Exploits: 0