PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist
PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in
OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl
@mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile
CAI find_file Agent Tool has Command Injection Vulnerability Through
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt
Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions
banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI
Flowise: Parameter Override Bypass Remote Command Execution
files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a statement into a prompt to read the "etc/passwd" file
vLLM Vulnerable to Remote DoS via Special-Token Placeholders
Open WebUI Affected by an External Model Server (Direct Connections
AI Threat Alert