Lucene search
K

11 matches found

EUVD
EUVD
added 4 hours ago4 views

EUVD-2026-44640

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agentsfile configuration parameters that execute when the generated server starts or...

8.5CVSS6.3AI score
Exploits0References3
OSV
OSV
added 2026/06/30 6:44 p.m.3 views

CVE-2026-58138 Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.3CVSS6.8AI score0.00938EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:52 p.m.4 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 8:52 p.m.19 views

CVE-2026-33235 AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS0.0031EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52089

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.52 Description The Fill Text Template block is susceptible to a Denial of Service DoS attack. Although the backend utilizes a SandboxedEnvironment to block unauthorized attribute access, such as class , it does no...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.10 views

NVDA Dev & Test Toolbox 安全漏洞

NVDA Dev & Test Toolbox is a debugging and testing tool developed by Cyrille Bougot as an individual contributor. Versions 2.0 to 8.0 of NVDA Dev & Test Toolbox contain security vulnerabilities. These vulnerabilities stem from the log reader’s handling of Python expressions in log files in an...

7.8CVSS6.1AI score0.002EPSS
Exploits0References3
CVE
CVE
added 2025/01/24 4:52 p.m.77 views

CVE-2025-24359

CVE-2025-24359 affects the Python package asteval prior to 1.0.6. The root cause is in the handling of FormattedValue AST nodes in on_formattedvalue, which uses the dangerous Str.format path (fmt.format(fstring =val)). This can allow an attacker who controls input to bypass restrictions and execu...

8.4CVSS8.7AI score0.00229EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/01/24 4:52 p.m.15 views

CVE-2025-24359

ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. The vulnerability is...

8.4CVSS5.9AI score0.00229EPSS
Exploits0
CNVD
CNVD
added 2020/02/26 12:0 a.m.4 views

Druva inSync Mac OS Client Code Instruction Improper Neutralization Vulnerability

Druva inSync Client is a lightweight application for managing data backups and allowing collaboration with other users.Druva inSync Mac OS Client is the Mac OS version. Druva inSync Mac OS Client 6.5.0 suffers from an improperly neutralized instruction vulnerability in dynamic evaluation code. A...

7.8CVSS7.2AI score0.00733EPSS
Exploits1References1
OSV
OSV
added 2020/02/25 9:15 p.m.3 views

CVE-2019-4000

Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges...

7.8CVSS7.4AI score0.00733EPSS
Exploits1References1
NVD
NVD
added 2020/02/25 9:15 p.m.20 views

CVE-2019-4000

Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges...

7.8CVSS7.8AI score0.00733EPSS
Exploits1References1
Rows per page
Query Builder