EUVD-2026-22209

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

CVE-2026-40288 PraisonAI: Critical RCE via `type: job` workflow YAML

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run loads a YAML file with type: job, the...

PraisonAI has critical RCE via `type: job` workflow YAML

praisonai workflow run loads untrusted YAML and if type: job executes steps through JobWorkflowExecutor in jobworkflow.py. This supports: - run: → shell command execution via subprocess.run - script: → inline Python execution via exec - python: → arbitrary Python script execution A malicious YAML...

DSpace 5.x / 6.x Full Repository Extractor

This Python script is an automated extraction tool targeting a DSpace-based repository. It leverages an open Solr search query to enumerate repository item handles, then audits each item to discover and download associated bitstream files typically PDFs. The script also attempts sequence-based...

MAL-2026-2430 Malicious code in k8s-node-health (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9358111fecbdb3180b8f4c0c6543abff3024c59deaf488cf3a34089820e96172 During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

Terrapack TkWebCoreNG File Upload Endpoint Audit Tool

This Python script is a simple security audit tool designed to test the file upload interface of applications using TkWebCoreNG. It does not actual exploit anything...

DNS Rebinding Detection Sensor

This Python script implements a lightweight DNS Rebinding detection sensor designed to identify suspicious DNS resolution behavior in real time...

DNS Monitoring System with HTTP Dashboard

This Python script implements a small Security Operations Center Mini SOC that focuses on DNS traffic monitoring...

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

Mirth Connect PoC Script Simple Python script for security re...

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

Usages: python3 ex...

GHSA-HVWJ-8W5G-28RG SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization

SGLangs replayrequestdump.py contains an insecure pickle.load without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script...

CVE-2026-3989

SGLangs’ replay_request_dump.py is affected by CVE-2026-3989 due to an insecure pickle.load() without validation in the deserialization process. The vulnerability arises when a malicious .pkl file is provided, allowing attacker-controlled code execution on the device running the script. The descr...

WebDAV Advanced Penetration Testing Script

This Python-based WebDAV penetration testing script tests methods available, attempts directory listing with PROPFIND, file upload with PUT, and more...

GHSA-389R-RCCM-H3H5 eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write

Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...

Adobe SDK 1.7.1 2410 Robust DNG File Generator / Stress Tester

This Python script generates a structurally valid DNG Digital Negative file containing an embedded JPEG XL JXL codestream...

Adobe SDK 1.7.1 2410 Overflow Analysis / Fuzzing Model

This Python script implements a comprehensive framework to model, detect, and analyze integer overflows in 32-bit arithmetic, particularly in the context of image memory allocation. The framework combines formal methods, stepwise arithmetic, symbolic execution, SMT-style constraint solving,...

📄 libvips 8.19.0 VIPS Image Extraction Crash / Auditor

This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extractarea function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...

CVE-2026-27509 Unitree Go2 Missing DDS Authentication Enables Adjacent RCE

Unitree Go2 firmware versions V1.1.7 through V1.1.9, and V1.1.11 EDU do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programmingactuator/request handled by actuatormanager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publi...

RTSP Unauthenticated Stream Exposure Checker

This Python script uses the OpenCV library cv2 to test whether an IP camera exposes its RTSP stream without authentication. It attempts to connect to the default RTSP endpoint rtsp://:554/default and checks if the stream can be opened and a video frame retrieved successfully. If the connection...

Splunk Enterprise 9.3.0 < 9.3.9, 9.4.0 < 9.4.8, 10.0.0 < 10.0.3 (SVD-2026-0208)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0208 advisory. - In Splunk Enterprise for Windows versions below 10.2.0, 10.0.3, 9.4.8, and 9.3.9, a lowprivileged Windows user that can creat...