MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url

TaskWeaver has Protection Mechanism Failure and Server-Side Request Forgery

OpenClaw: Lower-trust background runtime output is injected into trusted

LangChain vulnerable to unsafe deserialization of attacker-controlled objects through

PraisonAI: Unauthenticated Information Disclosure of Agent Instructions via /api/agents in

Cursor is a code editor built for programming with AI

wireshark-mcp vulnerable to arbitrary file write via export_objects

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated

OpenClaw's gateway config mutation guard allowed unsafe model-driven

OpenClaw: Webchat audio embedding could read local files without local

OpenClaw: Agent gateway config mutations could change protected operator settings

OpenClaw: Isolated cron awareness events were recorded as trusted system

Gemini CLI: Remote Code Execution via workspace trust and tool

Claude Code is an agentic coding tool. Prior to version

SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh

PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback

PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128

openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL