14 matches found
EUVD-2025-7402
Malicious code in bioql PyPI...
CVE-2025-1497
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
Arbitrary Command Injection
Overview plotai is a Create plots in Python with AI Affected versions of this package are vulnerable to Arbitrary Command Injection in executor.py due to lack of validation of LLM-generated output. An attacker can supply code which will then be executed with Python's exec function. Remediation...
GHSA-2HMP-5WQG-F24H PlotAI eval vulnerability
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. PlotAI commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
PlotAI eval vulnerability
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. PlotAI commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
PYSEC-2025-22
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code.Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting th...
CVE-2025-1497
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
CVE-2025-1497
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
PYSEC-2025-22
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
CVE-2025-1497 Remote Code Execution in PlotAI
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
CVE-2025-1497 Remote Code Execution in PlotAI
A vulnerability, that could result in Remote Code Execution RCE, has been found in PlotAI. Lack of validation of LLM-generated output allows attacker to execute arbitrary Python code. Vendor commented out vulnerable line, further usage of the software requires uncommenting it and thus accepting t...
CVE-2025-1497
PlotAI contains a vulnerability (CVE-2025-1497) where lack of validation of LLM-generated output can allow an attacker to execute arbitrary Python code (RCE). The issue affects PlotAI as described in multiple sources; the vendor has commented out the vulnerable line and states that further use re...
PT-2025-10588
Name of the Vulnerable Software and Affected Versions PlotAI affected versions not specified Description A vulnerability has been found that could result in Remote Code Execution RCE. The issue is due to the lack of validation of LLM-generated output, which allows an attacker to execute arbitrary...
PlotAI 命令注入漏洞
PlotAI is an open source plotting assistant for MLJAR. A security vulnerability exists in PlotAI 0.0.6 and earlier versions, which stems from a lack of validation of LLM-generated output and could lead to remote code execution...