Lucene search
K

24 matches found

Snyk
Snyk
added 5 days ago5 views

Protection Mechanism Failure

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Protection Mechanism Failure in the AgentFlow.resolvepydanticclass process. An attacker can execute arbitrary Python code with the privilege...

8.5CVSS6.3AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-57194

Name of the Vulnerable Software and Affected Versions praisonaiagents versions prior to 1.6.78 Description An unsafe dynamic module loading issue exists in the AgentFlow. resolve pydantic class function. When a workflow step utilizes a string output pydantic reference, the framework imports a...

8.5CVSS6.4AI score0.00129EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8081

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS6AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 6:0 p.m.44 views

CVE-2026-8081 router-for-me CLIProxyAPI api_tools.go server-side request forgery

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS0.00215EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 10:8 p.m.11 views

PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

TL;DR CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains unguarded. It is reached by the recipe runner on every recipe execution and is...

8.4CVSS5.9AI score0.00246EPSS
Exploits3References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.14 views

PT-2026-35969

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function check sensitive path of the file tools/file tools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used fo...

4.8CVSS4.7AI score0.00138EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/20 4:15 a.m.4 views

CVE-2026-6604 modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parseurl/prepareimage/openaiaudiototext of the file src/agentscope/tool/multimodality/openaitools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 7:26 p.m.4 views

GHSA-2G3W-CPC4-CHR4 PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/10 7:26 p.m.4 views

PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/10 5:17 p.m.5 views

CVE-2026-40156

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code v...

7.8CVSS0.00209EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 4:46 p.m.3 views

CVE-2026-40156 PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code v...

7.8CVSS6.6AI score0.00209EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 4:46 p.m.3 views

CVE-2026-40156 PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code v...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:46 p.m.2 views

CVE-2026-40156

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code v...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/10 4:46 p.m.31 views

CVE-2026-40156 PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code v...

7.8CVSS0.00209EPSS
Exploits0References1
CVE
CVE
added 2026/04/10 4:46 p.m.26 views

CVE-2026-40156

PraisonAI before 4.5.128 loads a file named tools.py from the CWD using importlib, executing module-level code without explicit consent, validation, or sandboxing. Merely having tools.py in the working directory triggers code execution, bypassing configuration references. This creates a local, im...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

PraisonAI 安全漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.128 contained a security vulnerability. This vulnerability stemmed from the automatic loading and execution of the tools.py file located in the working directory, which coul...

7.8CVSS6.2AI score0.00209EPSS
Exploits0References1
OSV
OSV
added 2025/09/16 8:51 a.m.6 views

BIT-PRESTASHOP-2024-36626

In prestashop 8.1.4, a NULL pointer dereference was identified in the mathround function within Tools.php...

5.3CVSS6.9AI score0.00628EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/06 12:0 a.m.6 views

DeepResearchAgent 命令注入漏洞

DeepResearchAgent is an open source application from Skywork. DeepResearchAgent has a command injection vulnerability that stems from the incorrect manipulation of parameters in the fromcode/fromdict/frommcp functions in the src/tools/tools.py file, which could lead to os command injection...

6.5CVSS6.8AI score0.02133EPSS
Exploits0References5
CVE
CVE
added 2025/05/12 10:46 a.m.264 views

CVE-2025-22247

CVE-2025-22247 affects open-vm-tools ( VMware Tools open-source components) and can be triggered by a non-administrative guest-VM user due to insecure file handling that may tamper local files, potentially enabling partial integrity impact within the guest. Several advisories confirm affected pac...

6.1CVSS6.2AI score0.00255EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/03/22 12:0 a.m.9 views

PT-2024-22790 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.128 Description: FreeScout is a self-hosted help desk and shared mailbox. The issue concerns OS Command Injection in the /public/tools.php source file. The value of the php path parameter is being executed as a...

9CVSS8.2AI score0.01731EPSS
Exploits1References7
Rows per page
Query Builder