966 matches found
langchain-experimental vulnerable to Arbitrary Code Execution
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
CVE-2024-21513
Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if the...
CVE-2024-21513
langchain-experimental versions 0.0.15 and earlier than 0.0.21 are vulnerable to Arbitrary Code Execution via eval() on database-retrieved values when using VectorSQLDatabaseChain. The vulnerability requires an attacker to influence the input prompt and can enable Python code execution on the ser...
Remote Code Execution
nltk is vulnerable to Remote Code Execution. The vulnerability is due to models containing pickled Python code, which could allow an attacker to execute arbitrary code. An attacker would need to preform a man-in-the-middle attack to modify the packaged pickles such as the averagedperceptrontagger...
GHSA-CGVX-9447-VCCH ntlk unsafe deserialization vulnerability
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
PYSEC-2024-167
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
CVE-2024-39705
CVE-2024-39705 affects the Natural Language Toolkit (NLTK) up to version 3.8.1, enabling remote code execution when untrusted packages contain pickled Python code and the data package download feature is used. Affected in-core components cited include averaged_perceptron_tagger and punkt. Remedia...
CVE-2024-39705
NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averagedperceptrontagger and punkt...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
💥 WinRAR Vulnerability Description CVE-2023-38831 There...
Prompt Injection
Vanna is vulnerable to Prompt Injection. The vulnerability is due to improper input validation in the Vanna library's "ask" method, when allowing external input with "visualize" set to True, which allows a user to execute arbitrary python code...
Exploit for Injection in Vm2_Project Vm2
CVE-2023-30547 vm2 is a sandbox that can run untrusted code wi...
GHSA-7735-W2JP-GVG6 Vanna prompt injection code execution
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
Remote Code Execution (RCE)
zodb3 is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of certain Zope Enterprise Objects ZEO database sharing, allowing remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol...