4 matches found
GHSA-PXHG-7XR2-W7XG PPTAgent: Arbitrary File Write via `save_generated_slides`
Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...
PPTAgent: Arbitrary File Write via `save_generated_slides`
Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. The savegeneratedslides MCP tool accepts a pptxpath argument and writes the generated PPTX file to that path without any workspace restriction or path validation:...
EUVD-2026-21164
PraisonAIAgents: Arbitrary File Read via readskillfile Missing Workspace Boundary and Approval Gate...
CVE-2026-40117
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...