EUVD
added 2026/06/19 12:31 a.m. · 9 views

EUVD-2026-37958

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrating API keys and...

CVSS 6.8 · AI score 5.3 · EPSS 0.00116
Exploits 0 · References 3
NVD
added 2026/06/18 11:16 p.m. · 13 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrating API keys and...

CVSS 6.8 · EPSS 0.00116
Exploits 0 · References 2
ATTACKERKB
added 2026/06/18 10:12 p.m. · 8 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrating API keys and...

CVSS 6.8 · AI score 5.3 · EPSS 0.00116
Exploits 0 · References 3
Positive Technologies
added 2026/05/13 12:00 a.m. · 18 views

PT-2026-40787

Three CVEs (CVE-2026-29774, CVE-2026-30015, CVE-2026-30221) exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile (the legitimate filesystem server)...

CVSS 8.2 · AI score 5.8 · EPSS 0.00323
Exploits 1 · References 1
Positive Technologies
added 2026/05/13 12:00 a.m. · 13 views

PT-2026-40788

Three CVEs (CVE-2026-29774, CVE-2026-30015, CVE-2026-30221) exploited the fact that the protocol did not, in version 1.2, canonicalize tool names. Multiple servers in the same session could expose tools named, respectively: readfile (the legitimate filesystem server)...

CVSS 8.2 · AI score 5.8 · EPSS 0.00323
Exploits 1 · References 1
NVD
added 2026/05/08 2:16 p.m. · 14 views

CVE-2026-44339

PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and main after it fails to match the declared tool list and the registry. With the default agent configuration,...

CVSS 8.6 · EPSS 0.00363
Exploits 1 · References 1
CNNVD
added 2026/05/08 12:00 a.m. · 8 views

PraisonAI security vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.6.37 and PraisonAIagents prior to 1.6.37 have security vulnerabilities. These vulnerabilities stem from unresolved tool name resolution issues, which may allow attackers to...

CVSS 8.6 · AI score 5.8 · EPSS 0.00363
Exploits 1 · References 1
Positive Technologies
added 2026/04/10 12:00 a.m. · 20 views

PT-2026-50805

Name of the Vulnerable Software and Affected Versions: PraisonAI versions prior to 1.5.128. Description: The software caches tool approval decisions based solely on the tool name rather than the invocation arguments. This allows subsequent calls to the execute command function to bypass approval...

CVSS 6.8 · AI score 6 · EPSS 0.00116
Exploits 0 · References 12
SUSE CVE
added 2026/03/25 12:25 a.m. · 6 views

SUSE CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

CVSS 7.6 · AI score 6.1 · EPSS 0.00255
Exploits 1 · References 3
RedhatCVE
added 2026/03/09 8:02 a.m. · 5 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

CVSS 5.9 · AI score 5.9 · EPSS 0.00255
Exploits 1 · References 1
NVD
added 2026/03/07 5:15 p.m. · 5 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

CVSS 7.6 · EPSS 0.00255
Exploits 1 · References 1
ATTACKERKB
added 2026/03/07 4:32 p.m. · 4 views

CVE-2026-30856

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming...

CVSS 5.9 · AI score 5.9 · EPSS 0.00255
Exploits 1 · References 2 · Affected Software 1
CVE
added 2026/03/07 4:32 p.m. · 13 views

CVE-2026-30856

WeKnora CVE-2026-30856: Pre-0.3.0 versions are vulnerable to a tool-name collision and indirect prompt injection via an MCP client naming convention (mcp_{service}_{tool}), allowing a remote MCP server to hijack tool execution and potentially exfiltrate prompts/context or run other tools with use...

CVSS 7.6 · AI score 5.9 · EPSS 0.00255
Exploits 1 · References 1 · Affected Software 1
CNNVD
added 2026/03/07 12:00 a.m. · 6 views

WeKnora security vulnerability

WeKnora is an open-source LLM-based framework developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.3.0, WeKnora had security vulnerabilities. These vulnerabilities were caused by tool name...

CVSS 7.6 · AI score 7.4 · EPSS 0.00255
Exploits 1 · References 2
Snyk
added 2026/03/06 11:54 p.m. · 2 views

Use of Incorrectly-Resolved Name or Reference

Overview: Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the MCPTool.Name sanitization in the NewMCPTool registration process in internal/agent/tools. An attacker can execute arbitrary MCP tools and inject prompts to exfiltrate context by...

CVSS 7.6 · AI score 6 · EPSS 0.00255
Exploits 1 · References 2
Github Security Blog
added 2026/03/06 11:54 p.m. · 8 views

WeKnora Vulnerable to Tool Execution Hijacking via Ambiguous Naming Convention in MCP Client and Indirect Prompt Injection

Summary: A vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client (mcpservicetool), an attacker can register a malicious tool that overwrites a legitimate...

CVSS 7.6 · AI score 6.1 · EPSS 0.00255
Exploits 1 · References 6 · Affected Software 1
OSV
added 2026/03/06 11:54 p.m. · 6 views

GHSA-67Q9-58VJ-32QX WeKnora Vulnerable to Tool Execution Hijacking via Ambiguous Naming Convention in MCP Client and Indirect Prompt Injection

Summary: A vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client (mcpservicetool), an attacker can register a malicious tool that overwrites a legitimate...

CVSS 5.4 · AI score 6.1 · EPSS 0.00255
Exploits 1 · References 6
Positive Technologies
added 2026/03/06 12:00 a.m. · 9 views

PT-2026-23799

Name of the Vulnerable Software and Affected Versions: WeKnora versions prior to 0.3.0. Description: WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, is susceptible to a vulnerability involving tool name collision and indirect prompt injection. A malicious...

CVSS 9.9 · AI score 5.9 · EPSS 0.22162
Exploits 68 · References 140
Snyk
added 2025/12/02 6:45 a.m. · 4 views

Use of Incorrectly-Resolved Name or Reference

Overview: strands-agents is a model-driven approach to building AI agents in just a few lines of code. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via dynamic tool module registration in ToolLoader. The loadtoolsfromfilepath and loadpythontoo...

CVSS 7.1 · AI score 6.7
Exploits 0 · References 3
OSV
added 2022/05/14 4:04 a.m. · 5 views

GHSA-X3RC-CXV7-6XP6 Cross-site Scripting in Jenkins Core

Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624...

CVSS 4.7 · AI score 5.9 · EPSS 0.01152
Exploits 0 · References 4