Lucene search
K

72 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-59214

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

9CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-59214

Open WebUI (self-hosted AI platform) is affected by a vulnerability described as a stored web worker XSS via Pyodide. Prior to version 0.10.0, the platform runs client-side Python with Pyodide inside a same-origin web worker, which could allow stored chat payloads using pyodide.http.pyfetch or th...

9CVSS6.1AI score0.00285EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42616

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS6.1AI score0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-59214 Open WebUI: Stored web worker XSS via Pyodide

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS0.00285EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/22 7:16 a.m.12 views

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752 , is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows arbitrary code...

9.3CVSS6.5AI score0.00209EPSS
Exploits0
Snyk
Snyk
added 2026/04/21 8:19 p.m.5 views

Incomplete List of Disallowed Inputs

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the run function of the CSVAgents class when evaluating LLM-generated Python scripts in a pyodide environment without sufficient sandboxing. An attack...

9.8CVSS6.3AI score0.01028EPSS
Exploits3References2
CERT
CERT
added 2026/04/21 12:0 a.m.12 views

Terrarium contains a vulnerability that allows arbitrary code execution

Overview Terrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution with root privileg...

9.3CVSS6.8AI score0.00209EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 9:44 p.m.6 views

GHSA-9WC7-MJ3F-74XV Flowise: Code Injection in CSVAgent leads to Authenticated RCE

Summary The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide the following payload: DataFrame'foo': 'bar!';import os;os.system'whoami' that will get interpolated and executed by the server. Details The code in question that introduces t...

9.4CVSS6.1AI score0.0145EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/16 9:44 p.m.12 views

Flowise: Code Injection in CSVAgent leads to Authenticated RCE

Summary The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide the following payload: DataFrame'foo': 'bar!';import os;os.system'whoami' that will get interpolated and executed by the server. Details The code in question that introduces t...

9.4CVSS6.1AI score0.0145EPSS
Exploits1References3Affected Software2
Snyk
Snyk
added 2026/04/16 9:43 p.m.3 views

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection through the pythonCodeValidator and the Python execution paths in AirtableAgent.ts and CSVAgent.ts. An attacker can supply LLM-generated Python code that smuggles in...

8.8CVSS6.1AI score0.00603EPSS
Exploits1References2
OSV
OSV
added 2026/04/16 9:43 p.m.7 views

GHSA-F228-CHMX-V6J6 Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.

Description Summary “AirtableAgent” is an agent function provided by FlowiseAI that retrieves search results by accessing private datasets from airtable.com. “AirtableAgent” uses Python, along with Pyodide and Pandas, to get and return results. The user’s input is directly applied to the question...

8.3CVSS6.6AI score0.00603EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/02/22 10:16 a.m.184 views

Exploit for Protection Mechanism Failure in N8N

N8Scape: CVE-2025-68668 Breakdown This is my personal writeup...

9.9CVSS6.9AI score0.12685EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/02/10 1:23 p.m.8 views

CVE-2026-25905

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...

5.8CVSS5.6AI score0.00177EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/09 9:30 a.m.8 views

MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

5.8CVSS6.1AI score0.00177EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/09 9:30 a.m.7 views

GHSA-PFV4-WMPH-5GC6 MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime Pyodide and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

5.8CVSS6.3AI score0.00177EPSS
Exploits0References3
NVD
NVD
added 2026/02/09 9:16 a.m.54 views

CVE-2026-25905

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...

5.8CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/09 9:1 a.m.6 views

CVE-2026-25905 Lack of isolation in mcp-run-python leads to MCP server takeover

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...

5.8CVSS5.6AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/02/09 9:1 a.m.21 views

CVE-2026-25905

CVE-2026-25905 describes a lack of isolation between Python code executed by runPython/runPythonAsync and the surrounding JavaScript environment. This lets Python code access Pyodide APIs to modify the JS context, which could enable an attacker to hijack the MCP server and shadow MCP tooling. The...

5.8CVSS5.6AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/09 9:1 a.m.35 views

CVE-2026-25905 Lack of isolation in mcp-run-python leads to MCP server takeover

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...

5.8CVSS0.00177EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/09 9:1 a.m.4 views

CVE-2026-25905

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...

5.8CVSS5.6AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder