Lucene search
+L

1002 matches found

nuclei
nuclei
added 3 days ago157 views

Wazuh - Unsafe Deserialization Remote Code Execution

A critical Remote Code Execution RCE vulnerability exists in Wazuh server versions = 4.4.0 and = 4.4.0 and 4.9.1. The vulnerability occurs due to unsafe deserialization in the wazuh-manager package, specifically in the DistributedAPI where parameters are serialized as JSON and deserialized using...

9.9CVSS7.4AI score0.93027EPSS
Exploits10References3
cve
cve
added 6 days ago27 views

CVE-2026-61447

PraxionAI before 1.6.78 exposes a remote code execution flaw in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandboxing. This enables prompt-injection to exfiltrate environment secrets and run arbitrary code on the host. The v...

10CVSS6.7AI score0.00544EPSS
Exploits0References2
ptsecurity
ptsecurity
added 6 days ago9 views

PT-2026-57440

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 1.6.78 Description A remote code execution issue exists in the CodeAgent. execute python function. The software executes Python code generated by a Large Language Model LLM without employing Abstract Syntax Tree AST...

10CVSS6.7AI score0.00544EPSS
Exploits0References10
nvd
nvd
added last week7 views

CVE-2026-61444

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS0.00392EPSS
Exploits0References2
cve
cve
added last week12 views

CVE-2026-61444

PRAISONAi before 4.6.78 has a code‑injection vulnerability in deploy/api.py: the agents_file parameter is interpolated into an f-string without sanitization, allowing arbitrary Python code execution when the generated server code runs via subprocess.Popen(). Affected: PraisonAI

9.4CVSS6.2AI score0.00392EPSS
Exploits0References2
cve
cve
added 2026/07/08 7:14 p.m.7 views

CVE-2026-59821

LiteLLM is a proxy/AI Gateway for LLM API calls. A vulnerability exists in production create/update paths of Custom Code Guardrails before version 1.82.0-stable, where sandboxing/validation was not applied consistently with the test endpoint, allowing a privileged user to submit custom Python cod...

7.2CVSS6AI score0.00355EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/07/08 7:14 p.m.31 views

CVE-2026-59821 LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

2.1CVSS0.00355EPSS
Exploits0References3
osv
osv
added 2026/07/08 7:14 p.m.2 views

CVE-2026-59821 LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

2.1CVSS6.2AI score0.00355EPSS
Exploits0References5
osv
osv
added 2026/07/07 9:17 p.m.3 views

DEBIAN-CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.3AI score0.00197EPSS
Exploits0References1
thn
thn
added 2026/07/07 4:37 p.m.25 views

Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots

A critical flaw in Google's Dialogflow CX could have let an attacker with edit rights on one Code Block-enabled agent compromise other Code Block-enabled agents in the same Google Cloud project. From there, they could read live conversations, steal the data users shared, and make the bots send...

6.7AI score
Exploits0
euvd
euvd
added 2026/07/01 12:34 a.m.11 views

EUVD-2026-40453

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 11:17 p.m.7 views

CVE-2026-56777

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS0.00245EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/30 10:8 p.m.42 views

CVE-2026-56777 n8n - AST Validator Bypass in Python Code Node

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS0.00245EPSS
Exploits0References2
osv
osv
added 2026/06/30 10:8 p.m.4 views

CVE-2026-56777 n8n - AST Validator Bypass in Python Code Node

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References4
cve
cve
added 2026/06/30 10:8 p.m.30 views

CVE-2026-56777

The CVE affects n8n self‑hosted instances running Python Task Runner with the Python Code node. Versions affected: before 2.25.7 and before 2.26.2. Issue: AST security validator bypass in Python Code node allows an authenticated user with workflow modification rights to bypass the validator and a...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/23 5:17 p.m.10 views

CVE-2026-49444

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

8.5CVSS0.00356EPSS
Exploits0References1
cve
cve
added 2026/06/23 4:25 p.m.56 views

CVE-2026-48519

Langflow CVE-2026-48519 exposes unauthenticated RCE via the Shareable Playground. Affected: Langflow prior to 1.9.2. Vulnerable route: /api/v1/build_public_tmp permits executing any public flow; payloads can inject arbitrary Python code into data.nodes[X].data.node.template.code.value. Impact is ...

9.6CVSS6.3AI score0.00688EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/06/23 4:25 p.m.4 views

CVE-2026-48519 Langflow: Unauthenticated RCE in Shareable Playgrounds

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, the "Shareable Playground" or "Public Flows" in code contains a critical RCE vulnerability. Shareable Playground feature works by enabling the execution of workflows by unauthenticated users, by accessi...

9.6CVSS6.4AI score0.00688EPSS
Exploits1References3
ibm
ibm
added 2026/06/23 4:8 p.m.4 views

Security Bulletin: Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows

Summary Langflow OSS contains unauthenticated server-side RCE via PythonCodeStructuredTool executing attacker-controlled Python through exec at flow-build time. Sink in execself.toolcode, globals, localnamespace where toolcode is attacker-controlled template field. Two paths: A Authenticated POST...

10CVSS6AI score0.00314EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2026/06/23 3:50 p.m.44 views

CVE-2026-49444 n8n: Python sandbox escape

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows containing a Python Code Node could escape the sandbox and achieve arbitrary code execution on the task runner container. This vulnerabili...

7.1CVSS0.00356EPSS
Exploits0References1
Rows per page
Query Builder