CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

Github Security Blog•added 2025/10/22 3:31 p.m.•6 views

Hugging Face Smolagents XPath injection vulnerability in the search_item_ctrl_f function

Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the searchitemctrlf function located in src/smolagents/visionwebbrowser.py. The function constructs an XPath query by directly concatenating user-supplied input into the XPath expression without proper sanitizatio...

5.4CVSS7AI score0.0005EPSS

Exploits2References4Affected Software1

CVE•added 2025/10/22 1:13 p.m.•11 views

CVE-2025-11844

Hugging Face Smolagents 1.20.0 has an XPath injection in search_item_ctrl_f (vision_web_browser.py) where user input is concatenated into XPath queries without sanitization, allowing attackers to modify query logic, bypass filters, and access unintended DOM elements, potentially disrupting AI web...

5.4CVSS5.7AI score0.0005EPSS

Exploits2References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by