966 matches found

GithubExploit | added 2024/04/18 4:35 p.m. | 351 views

Exploit for Improper Input Validation in Paloaltonetworks Pan-Os

CVE-2024-3400 Simple Python code to check for arbitrary upload...

CVSS 10 | AI score 9.8 | EPSS 0.94323
Exploits: 43
Vulnrichment | added 2024/04/10 8:40 p.m. | 19 views

CVE-2024-31988 XWiki Platform CSRF remote code execution through the realtime HTML Converter API

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, b...

CVSS 9.6 | AI score 7.5 | EPSS 0.06899
Exploits: 1 | References: 6
CVE | added 2024/04/10 8:40 p.m. | 85 views

CVE-2024-31988

CVE-2024-31988 affects XWiki Platform where the realtime editor can lead to arbitrary remote code execution when an admin with programming rights visits a crafted URL or views an image containing that URL (e.g., in a comment). Affected versions are 13.9-rc-1 and earlier, specifically before 14.10...

CVSS 9.6 | AI score 9.2 | EPSS 0.06899
Exploits: 1 | References: 6 | Affected software: 1
CNNVD | added 2024/03/19 12:00 a.m. | 1 view

black Security breach

Black is a Python code formatting program. A security vulnerability exists in versions prior to black 24.3.0: the lines_with_leading_tabs_expanded function in the strings.py file is vulnerable to a denial-of-service attack, which can be exploited to cause a denial of service by...

CVSS 5.3 | AI score 6.8 | EPSS 0.00081
Exploits: 0 | References: 5
OSV | added 2024/02/26 6:30 p.m. | 56 views

GHSA-V8VJ-CV27-HJV8 LangChain Experimental vulnerable to arbitrary code execution

langchain_experimental (aka LangChain Experimental) before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not...

CVSS 9.8 | AI score 8.9 | EPSS 0.00147
Exploits: 0 | References: 3
Github Security Blog | added 2024/02/26 6:30 p.m. | 34 views

LangChain Experimental vulnerable to arbitrary code execution

langchain_experimental (aka LangChain Experimental) before 0.0.52, part of LangChain before 0.1.8, allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not...

CVSS 9.8 | AI score 8 | EPSS 0.00147
Exploits: 0 | References: 3 | Affected software: 1
Hacker One | added 2024/02/26 5:59 a.m. | 39 views

Internet Bug Bounty: Proxy-Authorization header is not cleared in cross-domain redirect in undici

Proxy-Authorization header not cleared on cross-origin redirect in Undici. Impacted versions: v6.0.0 through v6.6.0. Patched in v5.28.3 and v6.6.1. No known workarounds...

CVSS 4.5 | AI score 5.5 | EPSS 0.00278
Exploits: 0
Cvelist | added 2024/02/26 12:00 a.m. | 31 views

CVE-2024-27444

langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by...

AI score 9.9 | EPSS 0.00147
Exploits: 0 | References: 1
Veracode | added 2024/01/23 9:34 a.m. | 15 views

Code Injection

pandasai is vulnerable to Code Injection. The vulnerability is due to improper prompt sanitization within the synthetic_dataframe function located in the GenerateSDFPipeline component. It allows an attacker to execute arbitrary Python code via the SDFCodeExecutor...

CVSS 9.8 | AI score 7.6 | EPSS 0.008
Exploits: 1 | References: 3 | Affected software: 1
Github Security Blog | added 2024/01/22 3:30 a.m. | 20 views

Code execution in pandasai

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

CVSS 9.8 | AI score 7.2 | EPSS 0.008
Exploits: 1 | References: 3 | Affected software: 1
OSV | added 2024/01/22 3:30 a.m. | 19 views

GHSA-5G73-69P4-7GVX Code execution in pandasai

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

CVSS 9.8 | AI score 9.4 | EPSS 0.008
Exploits: 1 | References: 3
NVD | added 2024/01/22 1:15 a.m. | 18 views

CVE-2024-23752

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

CVSS 9.8 | AI score 9.6 | EPSS 0.008
Exploits: 1 | References: 1
OSV | added 2024/01/22 1:15 a.m. | 5 views

CVE-2024-23752

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

CVSS 9.8 | AI score 9.6
Exploits: 0 | References: 1
CNNVD | added 2024/01/22 12:00 a.m. | 2 views

PandasAI Security Vulnerabilities

PandasAI is a Python library that integrates generative AI functionality into pandas to make dataframes conversational. A security vulnerability exists in PandasAI 1.5.17 and earlier versions, which stems from a vulnerability that allows an attacker to trigger the generation of arbitrary Python...

CVSS 9.8 | AI score 7.1 | EPSS 0.008
Exploits: 1 | References: 2
CVE | added 2024/01/22 12:00 a.m. | 58 views

CVE-2024-23752

Summary: CVE-2024-23752 affects PandasAI (pandas-ai) up to v1.5.17. The vulnerability resides in GenerateSDFPipeline within synthetic_dataframe, where an English-language specification can cause SDFCodeExecutor to run arbitrary Python code. This leads to possible arbitrary code execution with hig...

CVSS 9.8 | AI score 9.4 | EPSS 0.008
Exploits: 1 | References: 1 | Affected software: 1
Cvelist | added 2024/01/22 12:00 a.m. | 18 views

CVE-2024-23752

GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...

AI score 9.8 | EPSS 0.008
Exploits: 1 | References: 1
Cvelist | added 2023/11/21 10:25 p.m. | 11 views

CVE-2023-48699 fastbots Eval Injection vulnerability

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Prior to version 0.1.5, an attacker could modify the locators.ini locator file with Python code that is executed without proper validation, which could lead to RCE. The vulnerability ...

CVSS 8.4 | AI score 9.7 | EPSS 0.00642
Exploits: 1 | References: 3
OSV | added 2023/11/21 10:18 p.m. | 19 views

GHSA-VCCG-F4GP-45X9 Eval Injection in fastbots

Impact: An attacker could modify the locators.ini locator file with Python code that is executed without proper validation, which could lead to RCE. The vulnerability is in the function def __locator__(self, locator_name: str) in page.py. The vulnerable code that loads and executes directly from the file...

CVSS 8.4 | AI score 9.5 | EPSS 0.00642
Exploits: 1 | References: 5
Github Security Blog | added 2023/11/21 10:18 p.m. | 18 views

Eval Injection in fastbots

Impact: An attacker could modify the locators.ini locator file with Python code that is executed without proper validation, which could lead to RCE. The vulnerability is in the function def __locator__(self, locator_name: str) in page.py. The vulnerable code that loads and executes directly from the file...

CVSS 9.8 | AI score 7.5 | EPSS 0.00642
Exploits: 1 | References: 5 | Affected software: 1
0day.today | added 2023/11/14 12:00 a.m. | 392 views

Elementor Website Builder < 3.12.2 SQL injection Exploit

Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability. EXPLOIT: Elementor Website Builder Replace URL page. On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL": code :...

CVSS 7.2 | AI score 8.4 | EPSS 0.09142
Exploits: 7