Manu

2 exploits Active since Dec 2007

CVE-2026-35002 WRITEUP CRITICAL WRITEUP

Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

CVSS 9.8

View Code

CVE-2007-6301 EXPLOITDB text WORKING POC

OpenNewsletter <2.5 - XSS

Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

View Code