966 matches found
CVE-2025-51482
Remote Code Execution in letta.server.restapi.routers.v1.tools.runtoolfromsource in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...
CVE-2025-51482
Remote Code Execution in letta.server.restapi.routers.v1.tools.runtoolfromsource in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...
CVE-2025-51482
Remote Code Execution in letta.server.restapi.routers.v1.tools.runtoolfromsource in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...
CVE-2025-51472
Code Injection in AgentTemplate.evalagentconfig in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execute arbitrary Python code via malicious values in agent template configurations such as the goal, constraints, or instruction field, which are evaluated using eval without validati...
CVE-2025-51464
Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
CVE-2025-51464
Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
CVE-2024-39289
A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
DEBIAN-CVE-2025-3753
A code execution vulnerability has been identified in the Robot Operating System ROS 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval function to process unsanitized, user-supplied input in the 'rosbag filter' command. This...
CVE-2024-39835
A code injection vulnerability has been identified in the Robot Operating System ROS 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval method to process user-supplied, unsanitized parameter values within the...
CVE-2024-39289
A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
DEBIAN-CVE-2024-41921
A code injection vulnerability has been discovered in the Robot Operating System ROS 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python...
UBUNTU-CVE-2024-39835
A code injection vulnerability has been identified in the Robot Operating System ROS 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use of the eval method to process user-supplied, unsanitized parameter values within the...
CVE-2024-39289 Unsafe use of eval() method in rosparam tool
A code execution vulnerability has been discovered in the Robot Operating System ROS 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use of the eval function to process unsanitized, user-supplied parameter values via special converters fo...
Robot Operating System 代码注入漏洞
Robot Operating System is a meta-operating system for ROS 2 open source robots. A security vulnerability exists in Robot Operating System that stems from the rosparam tool's use of the eval function to process uncleaned user input, which could lead to the execution of arbitrary Python code...
PT-2025-29950 · Unknown +1 · Robot Operating System +1
Name of the Vulnerable Software and Affected Versions: Robot Operating System ROS versions prior to Noetic Ninjemys Description: A code execution issue exists in the 'rosparam' tool due to the use of the eval function with unsanitized, user-supplied parameter values. This occurs when processing...
Robot Operating System 安全漏洞
Robot Operating System is a meta-operating system for ROS 2 open source robots. A security vulnerability exists in Robot Operating System that stems from the rosbag tool's use of the eval function to process uncleaned user input, which could lead to the execution of arbitrary Python code...
50M_CTF_Writeup
It is an offensive tool for CTF Capture The Flag challenges. The repository contains a writeup for a $50 million CTF challenge, which includes a binary image that needs to be decoded to reveal a hidden message. The binary image is encoded with a repeating sequence of binary digits, which can be...
NVIDIA Megatron-LM 代码注入漏洞
NVIDIA Megatron-LM is a PyTorch-based distributed training framework from NVIDIA that specializes in training large Transformer language models. NVIDIA Megatron-LM suffers from a code injection vulnerability that stems from a python component that could allow an attacker to perform code injection...
PT-2026-25992
Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow is a visual framework used to build and deploy AI-powered agents and workflows. A critical issue exists in the "POST /api/v1/build public tmp/flow id/flow" endpoint, which allows the...
CVE-2024-42835
langflow v1.0.12 was discovered to contain a remote code execution RCE vulnerability via the PythonCodeTool component...