14 matches found
PYSEC-2025-80
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...
PYSEC-2025-82
An arbitrary file download vulnerability exists in the rpcagentclient component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpcagent's host by exploiting the downloadfile method. This can lead to unauthorized access to sensitive...
CVE-2024-10051
Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process eac...
PT-2025-12023
Name of the Vulnerable Software and Affected Versions: Realchar version v0.0.4. Description: The issue is an unauthenticated denial of service (DoS) attack that exists in the file upload request handling. By appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request,...
CVE-2024-48050
In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...
CVE-2024-48050
CVE-2024-48050 affects AgentScope
obx Prototype Pollution
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656, reduce @almela/obx/build/index.js:470, Object.set obx/build/index.js:269 component...
CVE-2024-36573
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656, reduce @almela/obx/build/index.js:470, Object.set obx/build/index.js:269 component...
CVE-2022-38621
Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-38621
Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Remote code execution
Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-38621
CVE-2022-38621 concerns Doufox v0.0.4, where a remote code execution (RCE) vulnerability exists on the edit file page. The issue allows an attacker to execute arbitrary code by supplying a crafted PHP file, as described across multiple sources (notably the NVD entry with a 9.8 CVSSv3.1 score). Th...
CVE-2022-38621
Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-29188 Smokescreen SSRF via deny list bypass (square brackets) in Smokescreen
Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional...