Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
PraisonAI Vulnerable to OS Command Injection
GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service
langchain-ai/langchainjs versions 0.2.5 and all versions with this class allow for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service
PandasAI uses an interactive prompt function that is vulnerable to prompt injection and can run arbitrary Python code, leading to Remote Code Execution (RCE) instead of the intended explanation
from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt injection techniques, an unauthenticated attacker with the ability to send prompts to a chatflow using
Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method
OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack
function and markdown image processing. Attackers can influence tool calls through direct manipulation or prompt injection to trigger requests to internal services and re-upload responses as Feishu media
result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE). Version 1.8.0 fixes the issue
langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows attackers to execute arbitrary code and compromise the application
Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
Gemini CLI: Remote Code Execution via workspace trust and tool
PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in
CAI find_file Agent Tool has Command Injection Vulnerability Through
files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a statement into a prompt to read the "etc/passwd" file
AI Threat Alert