134 matches found
ROOT-APP-PYPI-CVE-2023-5752 CVE-2023-5752 in rootio-pip - Patched by Root
Root has patched CVE-2023-5752 in the rootio-pip package for Root:PyPI. Multiple fixed versions available...
MINI-CMQ7-XQVJ-5752
Bulletin has no description...
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows arbitrary code...
CVE-2026-5752
creationtimestamp | type | source
---|---|---
2026-04-14 20:08:44+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mji6pbziwj23
2026-04-14 21:25:30+00:00 | published-proof-of-concept | Telegram/qw6naPQmOSFEqbc3iRVVM5dhGETt1a49wBj6uReZM5MuI0
2026-04-15 03:00:28+00:00 | seen | ...
Exploit for Path Traversal in Druva Insync_Client
CVE-2020-5752: Druva inSync Local Privilege Escalation A C-ba...
Security Bulletin: Pip Vulnerability Prior to v23.3 Allows Arbitrary Mercurial Configuration Injection via VCS URLs, which affects IBM watsonx.data
Summary When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call ie "--config". Controlling the Mercurial configuration can modify how and whi...
NewStart CGSL MAIN 7.02 : python-pip Vulnerability (NS-SA-2025-0142)
The remote NewStart CGSL host, running version MAIN 7.02, has python-pip packages installed that are affected by a vulnerability: - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary...
CBL Mariner 2.0 Security Update: python3 (CVE-2023-5752)
The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...
Azure Linux 3.0 Security Update: python3 (CVE-2023-5752)
The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5752 advisory. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the...
CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14
CVE-2023-5752 affecting package python3 for versions less than 3.9.19-14. A patched version of the package is available...
CVE-2025-5752
creationtimestamp | type | source
---|---|---
2025-07-18 05:31:14+00:00 | seen | Telegram/vrvYbcREaKreBgIE2rCrEm9VxCpF5J4SQ9bYzcBRjqEVpFk...
CVE-2025-5752 Vertical scroll image slideshow gallery <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter
The Vertical scroll image slideshow gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Vertical scroll image slideshow gallery plugin <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Vertical scroll image slideshow gallery versions <= 11.1...
Security Bulletin: IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152
Summary IBM Maximo Application Suite - Iot Component uses axios 1.7.9 and Python-3.8.17 which is vulnerable to CVE-2023-40217, CVE-2024-6232, CVE-2022-40897, CVE-2024-6345, CVE-2023-5752 and CVE-2025-27152. This bulletin contains information regarding the vulnerability and its fixture...
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...
CVE-2024-5752
creationtimestamp | type | source
---|---|---
2025-03-20 11:40:32+00:00 | seen | https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmhiwhhn2o
2025-03-20 15:18:13+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/8202...
CVE-2024-5752
A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...
CVE-2024-5752
CVE-2024-5752: Path traversal in stitionai/devika. The vulnerability affects the project creation function of stitionai/devika, where the project name is not validated in version beacf6edaa205a5a5370525407a6db45137873b3, enabling crafted names that traverse directories. This can cause arbitrary ...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to arbitrary configuration injection due to pip:22.3.1
Summary Pip is used by the DataStage on Cloud Pak for Data px-runtime microservice as part of package installation. Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial...
Linux Distros Unpatched Vulnerability : CVE-2023-5752
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When installing a package from a Mercurial VCS URL ie pip install hg+... with pip prior to v23.3, the specified Mercurial revision could be used to inject...