
CVE-2025-1040 – Server-Side Template Injection (SSTI) in significant-gravitas/autogpt
https://notcve.org/view.php?id=CVE-2025-1040
20 Mar 2025 — AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. • https://github.com/significant-gravitas/autogpt/commit/6dba31e0215549604bdcc1aed24e3a1714e75ee2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-12450 – RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow
https://notcve.org/view.php?id=CVE-2024-12450
20 Mar 2025 — Furthermore, the use of an outdated Chromium headless version with --no-sandbox mode enabled makes the application susceptible to Remote Code Execution (RCE) via known Chromium v8 vulnerabilities. • https://github.com/infiniflow/ragflow/commit/3faae0b2c2f8a26233ee1442ba04874b3406f6e9 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-7034 – Remote Code Execution due to Arbitrary File Write in open-webui/open-webui
https://notcve.org/view.php?id=CVE-2024-7034
20 Mar 2025 — This can lead to unauthorized modifications of system binaries, configuration files, or sensitive data, potentially enabling remote command execution. • https://huntr.com/bounties/711beada-10fe-4567-9278-80a689da8613 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2024-10954 – Prompt Injection Leading to RCE in binary-husky/gpt_academic Plugin `manim`
https://notcve.org/view.php?id=CVE-2024-10954
20 Mar 2025 — The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. This allows an attacker to perform remote code execution (RCE) on the app backend server by injecting malicious code through the prompt. • https://huntr.com/bounties/72d034e3-6ca2-495d-98a7-ac9565588c09 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-11958 – SQL Injection in run-llama/llama_index
https://notcve.org/view.php?id=CVE-2024-11958
20 Mar 2025 — A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. This can lead to remote code execution (RCE) by installing the shellfs extension and executing malicious commands. • https://github.com/run-llama/llama_index/commit/35bd221e948e40458052d30c6ef2779bc965b6d0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-12389 – Path Traversal in binary-husky/gpt_academic
https://notcve.org/view.php?id=CVE-2024-12389
20 Mar 2025 — An attacker can exploit this vulnerability to perform arbitrary file writes, which can lead to remote code execution. • https://huntr.com/bounties/37afb1c9-bba9-47ee-8617-a5f715271654 • CWE-29: Path Traversal: '\..\filename'

CVE-2024-11041 – Remote Code Execution in vllm-project/vllm
https://notcve.org/view.php?id=CVE-2024-11041
20 Mar 2025 — The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary code. • https://huntr.com/bounties/00136195-11e0-4ad0-98d5-72db066e867f • CWE-502: Deserialization of Untrusted Data

CVE-2024-10950 – Code Injection in binary-husky/gpt_academic
https://notcve.org/view.php?id=CVE-2024-10950
20 Mar 2025 — In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code injection caused by prompt injection. The root cause is the execution of user-provided prompts that generate untrusted code without a sandbox, allowing the execution of parts of the LLM-generated code. This vulnerability can be exploited by an attacker to achieve remote code execution (RCE) on the application backend serve... • https://huntr.com/bounties/9abb1617-0c1d-42c7-a647-d9d2b39c6866 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-12390 – Remote Code Execution in binary-husky/gpt_academic
https://notcve.org/view.php?id=CVE-2024-12390
20 Mar 2025 — A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. ... This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application's own code. • https://huntr.com/bounties/1add2b26-460d-4aa5-8fda-ab045d153177 • CWE-475: Undefined Behavior for Input to API

CVE-2024-9439 – Remote Code Execution in transformeroptimus/superagi
https://notcve.org/view.php?id=CVE-2024-9439
20 Mar 2025 — SuperAGI is vulnerable to remote code execution in the latest version. • https://huntr.com/bounties/d710884f-b5ab-4b31-a2e6-e4b38488def1 • CWE-94: Improper Control of Generation of Code ('Code Injection')