Lucene search
K

23 matches found

EUVD
EUVD
added 2026/06/02 10:50 p.m.10 views

EUVD-2026-34050

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS6.1AI score0.00211EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 7:25 p.m.2 views

GHSA-3C4R-6P77-XWR7 PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure

PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...

8.6CVSS6.5AI score0.0024EPSS
Exploits1References4
NVD
NVD
added 2026/02/25 11:16 p.m.6 views

CVE-2026-27495

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...

9.9CVSS0.00596EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-22815

Malicious code in bioql PyPI...

10CVSS7.5AI score0.18654EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-29907

Malicious code in bioql PyPI...

9.9CVSS9.2AI score0.015EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-30711

Malicious code in bioql PyPI...

7.2CVSS7AI score0.00608EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-45924

Malicious code in bioql PyPI...

8.8CVSS8.3AI score0.0027EPSS
Exploits0References8
CNVD
CNVD
added 2025/09/18 12:0 a.m.2 views

Apple macOS Tahoe has an unspecified vulnerability

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

7.8CVSS6.6AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2025/07/27 9:30 a.m.6 views

GHSA-6V92-R5MX-H5FX smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

9.9CVSS7.9AI score0.18654EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/07/27 9:30 a.m.11 views

smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

10CVSS7.9AI score0.18654EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/07/27 7:57 a.m.55 views

CVE-2025-5120

The CVE-2025-5120 vulnerability affects huggingface/smolagents prior to 1.17.0, due to flaws in the local_python_executor.py sandbox that inadequately restrict Python execution. This allows attackers to bypass the restricted execution environment and achieve remote code execution by exploiting wh...

10CVSS8AI score0.18654EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/07/27 7:57 a.m.64 views

CVE-2025-5120 Sandbox Escape Vulnerability in huggingface/smolagents

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

7.6CVSS0.18654EPSS
Exploits1References2
NCSC
NCSC
added 2025/04/01 8:42 a.m.11 views

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed several vulnerabilities in iOS and iPadOS. The vulnerabilities include memory management issues, unauthorized access to sensitive user data, and the ability for applications to escape their sandbox environments. These vulnerabilities could lead to unauthorized access, data...

9.8CVSS8.2AI score0.18668EPSS
Exploits15References4
Amazon
Amazon
added 2024/12/19 12:0 a.m.10 views

Important: flatpak

Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...

10CVSS8.8AI score0.01283EPSS
Exploits1
Amazon
Amazon
added 2024/10/31 12:0 a.m.5 views

Important: flatpak

Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...

10CVSS7.2AI score0.01283EPSS
Exploits1
Amazon
Amazon
added 2024/10/14 12:0 a.m.6 views

Important: bubblewrap

Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...

10CVSS7.2AI score0.01283EPSS
Exploits1
OSV
OSV
added 2024/05/29 12:9 p.m.5 views

SUSE-SU-2024:1831-1 Security update for xdg-desktop-portal

This update for xdg-desktop-portal fixes the following issues: - CVE-2024-32462: Fixed sandbox escape via RequestBackground portal bsc1223110...

8.4CVSS8.5AI score0.00512EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/12/12 1:23 p.m.24 views

Important: Red Hat Security Advisory: tracker-miners security update

An update for tracker-miners is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this upda...

7.7CVSS7.1AI score0.00867EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/12/11 12:0 a.m.3 views

Apple iOS and iPadOS Security Vulnerabilities

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. Apple iOS version 17.2 and iPadOS version 17.2 contain a security vulnerability that originates from an application that m...

6.3CVSS4.6AI score0.0061EPSS
Exploits1References9
The Hacker News
The Hacker News
added 2023/07/31 1:38 p.m.57 views

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

10CVSS9.1AI score0.9967EPSS
Exploits9
Rows per page
Query Builder