| CVE-2026-6604 |
high |
7.3 |
7.3 |
|
|
|
1mo ago |
AgentScope vulnerable to Server-Side Request Forgery |
| CVE-2026-6606 |
high |
7.3 |
7.3 |
|
|
|
1mo ago |
AgentScope vulnerable to Server-Side Request Forgery |
| CVE-2026-6605 |
high |
7.3 |
7.3 |
|
|
|
1mo ago |
AgentScope vulnerable to Server-Side Request Forgery |
| CVE-2026-6603 |
high |
7.3 |
7.3 |
|
|
|
1mo ago |
AgentScope Vulnerable to Remote Code Injection |
| CVE-2024-8502 |
unknown |
— |
— |
|
|
|
1y ago |
AgentScope Deserialization Vulnerability |
| CVE-2024-8524 |
unknown |
— |
— |
|
|
|
1y ago |
A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /rea… |
| CVE-2024-8537 |
unknown |
— |
— |
|
|
|
1y ago |
AgentScope path traversal vulnerability |
| CVE-2024-8487 |
unknown |
— |
— |
|
|
|
1y ago |
A Cross-Origin Resource Sharing (CORS) vulnerability exists in modelscope/agentscope version v0.0.4. The CORS configuration on the agentscope server does not properly restrict access to only trusted … |
| CVE-2024-8551 |
unknown |
— |
— |
|
|
|
1y ago |
AgentScope path traversal vulnerability in save-workflow |
| CVE-2024-8556 |
unknown |
— |
— |
|
|
|
1y ago |
AgentScope stored cross-site scripting (XSS) vulnerability |
| CVE-2024-8501 |
unknown |
— |
— |
|
|
|
1y ago |
An arbitrary file download vulnerability exists in the rpc_agent_client component of modelscope/agentscope version v0.0.4. This vulnerability allows any user to download any file from the rpc_agent's… |
| CVE-2024-8438 |
unknown |
— |
— |
|
|
|
1y ago |
A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint `/api/file` does not properly sanitize the `path` parameter, allowing an attacker to read arbitrary fi… |
| CVE-2024-8550 |
unknown |
— |
— |
|
|
|
1y ago |
A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server… |
| CVE-2024-48050 |
unknown |
— |
— |
|
|
|
2y ago |
In agentscope <=v0.0.4, the file agentscope\web\workstation\workflow_utils.py has the function is_callable_expression. Within this function, the line result = eval(s) poses a security risk as it can … |