Lucene search
K

9 matches found

CNNVD
CNNVD
added 2026/04/12 12:0 a.m.5 views

MetaGPT 代码注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from the generatethoughts function in the Tree-of-Thought Solver component’s metagpt/strategy/tot.py file, which could lead to...

9.8CVSS7.2AI score0.00409EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

MetaGPT 代码注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from operations on the checksolution function within the HumanEvalBenchmark/MBPPBenchmark component, which could lead to code...

9.8CVSS7.2AI score0.00387EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.9 views

MetaGPT 代码注入漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from a code injection flaw in the code generate function located in the file metagpt/ext/aflow/scripts/operator.py. It could...

6.5CVSS6.9AI score0.00241EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2025/06/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-0868

A vulnerability, that could result in Remote Code Execution RCE, has been found in DocsGPT. Due to improper parsing of JSON data using eval an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0...

9.3CVSS7.4AI score0.15099EPSS
Exploits3References1
Snyk
Snyk
added 2025/03/18 3:17 p.m.0 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management when handling namespace scopes for BMCEventSubscription. A user with namespace level roles can access and manipulate secrets from unauthorized namespaces by creating a BMCEventSubscription in a namespace th...

8.2CVSS6.8AI score0.00169EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.2 views

Dotmesh 安全漏洞

Dotmesh is a git-like CLI open-sourced by Dotscience for capturing, organizing and sharing application state. A security vulnerability exists in Dotmesh 0.8.1 and earlier versions, which stems from the insecure handling of symbolic links in the unpacking routine, and could allow an attacker to re...

8.1CVSS7.8AI score0.00441EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.3 views

PT-2023-8832

Name of the Vulnerable Software and Affected Versions Axios versions 0.8.1 through 1.5.1 Description The issue is related to a JavaScript library and involves a cross-site request forgery vulnerability. This vulnerability can allow a remote attacker to gain unauthorized access to the XSRF-TOKEN...

7.8CVSS7.6AI score0.00556EPSS
Exploits1References28
OSV
OSV
added 2022/05/25 12:0 a.m.3 views

GHSA-236C-VHJ4-GFXG Duplicate Advisory: Embedded malware in ua-parser-js

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pjwm-rvh2-c87w. This link is maintained to preserve external references. Original Description A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the...

8.8CVSS5.4AI score0.01314EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/06/30 12:0 a.m.5 views

libavif 缓冲区错误漏洞

libavif is a library for encoding and decoding .avif files. libavif suffers from a security vulnerability that stems from libavif 0.8.0 and 0.8.1 having an out-of-bounds write in the avifDecoderDataFillImageGrid. no details of the vulnerability are currently available...

8.8CVSS5.5AI score0.01402EPSS
Exploits1References4
Rows per page
Query Builder