Lucene search
K

1582 matches found

Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-61433 PraisonAI before 4.6.78 Code Injection via API deployment generator

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agentsfile configuration parameters that execute when the generated server starts or...

8.5CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday20 views

CVE-2026-24226

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure...

6.3CVSS
Exploits0References2
NVD
NVD
added 2 days ago8 views

CVE-2026-57811

Improper Control of Generation of Code 'Code Injection' vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through = 5.2.0...

10CVSS0.0032EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 4:16 p.m.11 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00175EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 2:57 p.m.34 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00175EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 2:57 p.m.16 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains CVE-2026-24248: an attacker could cause improper control of code generation, potentially leading to code execution, privilege escalation, data tampering, and information disclosure. Affected product: Megatron Bridge for Linux. Root cause: improper control...

7.8CVSS5.8AI score0.00175EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:57 p.m.7 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00175EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54718

Name of the Vulnerable Software and Affected Versions NVIDIA Megatron Bridge for Linux affected versions not specified Description An issue exists where an attacker could cause improper control of code generation. This could lead to code execution, escalation of privileges, data tampering, and...

7.8CVSS6AI score0.00175EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-271 Apache Airflow Hive Provider vulnerable to code injection

Apache Software Foundation's Apache Airflow Hive Provider before 6.0.0 is vulnerable to improper control of generation of code...

9.8CVSS7.3AI score0.02765EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:16 p.m.5 views

CVE-2026-54271

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS5.9AI score0.00228EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 4:16 p.m.2 views

CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static outp...

8.2CVSS6AI score0.00228EPSS
Exploits0References3
Redos
Redos
added 2026/06/22 12:0 a.m.6 views

ROS-20260622-73-0022

The vulnerability in Thunderbird is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.8CVSS6.2AI score0.00446EPSS
Exploits0
Redos
Redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0020

The vulnerability in Firefox is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.8CVSS6.2AI score0.00446EPSS
Exploits0
NVD
NVD
added 2026/06/19 8:16 p.m.16 views

CVE-2026-48787

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 7:46 p.m.28 views

CVE-2026-48787 gin-vue-admin vulnerable to RCE

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS0.0047EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:46 p.m.5 views

CVE-2026-48787

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 7:46 p.m.3 views

CVE-2026-48787 gin-vue-admin vulnerable to RCE

gin-vue-admin is an AI-assisted basic development platform. In version 2.9.1, an authenticated attacker with access to the code-generation feature and MCP management interface can exploit this vulnerability by injecting attacker-controlled Go source code through POST /autoCode/addFunc, and then...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 7:46 p.m.24 views

CVE-2026-48787

CVE-2026-48787 affects gin-vue-admin (AI-assisted basic development platform) in version 2.9.1. An authenticated attacker with access to the code-generation feature and MCP management interface can inject attacker-controlled Go source code via POST /autoCode/addFunc, then trigger a rebuild of the...

8.7CVSS6.6AI score0.0047EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 2:16 p.m.14 views

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS0.0018EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 2:16 p.m.1 views

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

5.3CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder