Lucene search
K

12 matches found

NVD
NVD
added 2026/06/23 4:17 p.m.9 views

CVE-2026-54311

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's SQL Query mode. Because the sandbox context was cached and reused across all workflow executions o...

7.7CVSS0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.2 views

CVE-2026-41357 OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

3.3CVSS5.2AI score0.00152EPSS
Exploits0References3
Veracode
Veracode
added 2026/03/21 5:24 a.m.9 views

Code Injection

SimpleEval is vulnerable to code injection. The vulnerability is due to objects leaking dangerous modules through to direct access inside the sandbox, where dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call...

9.8CVSS8.4AI score0.00512EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/18 5:29 p.m.3 views

OPENSUSE-SU-2026:20393-1 Security update for python-simpleeval

This update for python-simpleeval fixes the following issues: Changes in python-simpleeval: - CVE-2026-32640: Objects including modules can leak dangerous modules through to direct access inside the sandbox bsc1259685...

9.8CVSS5.9AI score0.00512EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/18 12:0 a.m.8 views

Security update for python-simpleeval (important)

openSUSE Security Update: Security update for python-simpleeval Announcement ID: openSUSE-SU-2026:0086-1 Rating: important References: 1259685 Cross-References: CVE-2026-32640 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: Th...

9.8CVSS5.8AI score0.00512EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 2:19 p.m.4 views

DEBIAN-CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

9.8CVSS8.4AI score0.00512EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 2:19 p.m.10 views

PYSEC-2026-132

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

9.8CVSS7.3AI score0.00512EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:3 p.m.2 views

CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

8.7CVSS5.8AI score0.00512EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/13 9:3 p.m.3 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

8.7CVSS5.8AI score0.00512EPSS
Exploits0References8
OSV
OSV
added 2026/03/13 8:56 p.m.6 views

GHSA-44VG-5WV2-H2HG SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox

Impact If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples found by @ByamB4: Any module where...

9.8CVSS5.9AI score0.00512EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.8 views

PT-2026-26384

Summary In OpenClaw, the sandboxed image tool did not honor tools.fs.workspaceOnly=true for mounted paths resolved by the sandbox FS bridge. This allowed reading out-of-workspace mounted images for example /agent/ and forwarding those bytes to vision model providers. Impact Sandbox boundary bypas...

6CVSS5.8AI score0.00315EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/30 12:0 a.m.5 views

J’s Communication RevoWorks Cloud Client 安全漏洞

J's Communication RevoWorks Cloud Client is a software from J's Communication Japan for building sandboxed environments that are isolated from the customer's local environment. A security vulnerability exists in J's Communication RevoWorks Cloud Client version 3.0.91 and prior versions. An attack...

7.8CVSS7.2AI score0.00174EPSS
Exploits0References4
Rows per page
Query Builder