Force1ess - Security Researcher - Exploit Intelligence Platform

CVE-2026-42078 WRITEUP MEDIUM WRITEUP

PPTAgent: Arbitrary File Write + Directory Creation via markdown_table_to_image

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This issue has been patched via commit 418491a.

CVSS 4.6

View Code

CVE-2026-42079 WRITEUP HIGH WRITEUP

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a.

CVSS 8.6

View Code

CVE-2026-42080 WRITEUP MEDIUM WRITEUP

PPTAgent: Arbitrary File Write via `save_generated_slides`

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched via commit 418491a.

CVSS 4.6

View Code