152 matches found
CVE-2026-42079
PPTAgent (the PPTAgent framework) is affected by CVE-2026-42079 due to an arbitrary code execution flaw: Python eval() executes LLM-generated code with builtins in scope. This vulnerability existed prior to commit 418491a and has been patched in that commit. The issue is triggered locally (attack...
CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...
CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...
CVE-2026-42079
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...
PT-2026-36857
Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a Description An agentic framework for reflective PowerPoint generation allows arbitrary code execution. This occurs because the software uses the Python eval function to process code generated by a Larg...
CVE-2026-7687
LangFlow (langflow) up to version 1.8.4 is affected by a command-injection vulnerability in CodeParser.parse_callable_details (file src/lfx/src/lfx/custom/code_parser/code_parser.py, component Full Builtins Module Handler). The issue can be triggered remotely and an exploit has been publicly disc...
CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection
A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...
CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection
A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...
Langflow 注入漏洞
Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.4 and earlier have a injection vulnerability, which stems from a function in the component Full Builtins Module Handler: CodeParser.parsecallabledetails...
GHSA-VP22-38M5-R39R PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code
Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...
CVE-2026-33947
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...
CVE-2026-33947
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...
CVE-2026-39888
PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...
CVE-2026-39888
PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...
PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)
Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...
Security Bulletin: Expr Built-in Functions Recursion DoS Vulnerability (Fixed in v1.17.7) affects watsonx.data
Summary Expr prior to v1.17.7 is vulnerable to a Denial-of-Service DoS due to unbounded recursion in certain built-in functions, which can cause stack overflow and application crashes when processing deeply nested or cyclic data. Fixed in v1.17.7. This can affect watsonx.data. Vulnerability Detai...
Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr
Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...
Security update for python-deepdiff
This update for python-deepdiff fixes the following issues: CVE-2026-33155: Fixed denial of service via builtins.bytes, builtins.list, builtins.range bsc1260064. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:1094-1 Security update for python-deepdiff
This update for python-deepdiff fixes the following issues: - CVE-2026-33155: Fixed denial of service via builtins.bytes, builtins.list, builtins.range bsc1260064...
Scriban: Built-in operations bypass LoopLimit and delay cancellation, enabling Denial of Service
Summary Scriban's LoopLimit only applies to script loop statements, not to expensive iteration performed inside operators and builtins. An attacker can submit a single expression such as 1..1000000 | array.size and force large amounts of CPU work even when LoopLimit is set to a very small value...