1329 matches found
PYSEC-2026-477 PraisonAI has critical RCE via `type: job` workflow YAML
praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: β shell command execution via subprocess.run - script: β inline Python execution via exec - python: β arbitrary Python script execution A malicious YAML...
PYSEC-2026-488 PraisonAI has critical RCE via `type: job` workflow YAML
praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: β shell command execution via subprocess.run - script: β inline Python execution via exec - python: β arbitrary Python script execution A malicious YAML...
SQLi.py
No d...
Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U
SolarWinds Serv-U Unauthenticated DoS: Safe Detection Script...
injection_exploit
Injection Exploit SQLi 6 engines + SSTI 11 engines β GET/...
CVE-2026-41265
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...
DMonitor 1.0.3 Outbound Connection / Port Configuration Auditor
This Python script is an outbound connection and port configuration auditor for DMonitor version 1.0.3...
Malicious code in ethers-signing-key (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses childprocess.exec to curl/wget an unpinned Python script from a personal user's...
MAL-2026-3761 Malicious code in ethers-signing-key (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses childprocess.exec to curl/wget an unpinned Python script from a personal user's...
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence AI system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and...
Apache mod_http2 Double-Free Detector
This is a python script that assist with detecting whether or not a server is vulnerable to the Apache modhttp2 double-free vulnerability...
ex-kernel
EXPLOIT KERNEL LINUX Installation gu...
exploit-db-skill
Exploit-DB Skill Cross-Platform Small cross-platform helper...
Windows Persistence via UserInitMprLogonScript Registry Key
This Python script demonstrates a Windows persistence technique based on modifying the HKCU\Environment\UserInitMprLogonScript registry value, which allows execution of a program each time the user logs in...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
-CVE-201...
π OpenClaw 2026.3.13 MEDIA Protocol File Disclosure
This Python script is a security exploitation tool targeting the OpenClaw system integrated with Discord. It attempts to exfiltrate sensitive files from a victim environment by abusing a MEDIA: prompt injection mechanism...
CVE-2026-41264
Flowise CVE-2026-41264 affects the Flowise CSV Agent node. The flaw is in the run method of the CSV_Agents class, where an LLM-generated Python script is evaluated without proper sandboxing, enabling prompt-injection to cause execution of attacker-controlled commands on the Flowise server. This a...
CVE-2026-41265
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...
Grav CMS Authenticated Scanner
This Python script is a safe, read-only scanner designed to detect whether a target running Grav CMS with its Admin plugin may be vulnerable to CVE-2025-50286, based purely on version analysis...
EspoCRM 9.3.3 API Security Audit Tool
This Python script is a lightweight, non-invasive security audit tool designed to test the API surface of EspoCRM version 9.3.3...