Gemini CLI: Remote Code Execution via workspace trust and tool
SSH/SCP option injection allowing local RCE in @aiondadotcom/mcp-ssh
PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback
PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator
openclaw-claude-bridge: sandbox is not effective - `--allowed-tools ""` does
PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL
PraisonAI Has Sandbox Escape via shell=True and Bypassable Blocklist
PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in
OpenClaw has Sandbox Media Root Bypass via Unnormalized `mediaUrl` / `fileUrl
@mobilenext/mobile-mcp allows arbitrary file write via Path Traversal in mobile
CAI find_file Agent Tool has Command Injection Vulnerability Through
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt
PraisonAI: Arbitrary File Read via `@file:` Mention Path Traversal
Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions