3 matches found
CVE-2025-65368
SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...
SparkyFitness security vulnerability
SparkyFitness is a fitness and health management platform developed by CodeWithCJ. Version SparkyFitness v0.15.8.2 contains a security vulnerability, which stems from improper handling of user input and LLM outputs, potentially leading to cross-site scripting attacks...
Arbitrary Command Injection
Overview plotai is a Create plots in Python with AI Affected versions of this package are vulnerable to Arbitrary Command Injection in executor.py due to lack of validation of LLM-generated output. An attacker can supply code which will then be executed with Python's exec function. Remediation...