28 matches found
PT-2026-40059
Name of the Vulnerable Software and Affected Versions PySyft Syft Datasite/Server versions prior to 0.9.6 Description Insufficient validation and sandboxing of user-submitted code allow remote code execution. Low-privileged users can submit Python functions via @sy.syft function for remote...
CVE-2026-41264
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can...
CVE-2026-41265
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...
CVE-2026-41265
CVE-2026-41265 affects Flowise with the Airtable_Agents class, where the run method evaluates an LLM-generated Python script without proper sandboxing. This allows prompt-injection via chatflows to coax the LLM into returning a malicious Python script that executes attacker-controlled commands on...
CVE-2025-13426
CVE-2025-13426 affects Google Apigee’s JavaCallout policy. A crafted JavaCallout could inject a malicious object into the MessageContext to execute arbitrary Java code and system commands at runtime, enabling unauthorized data access and lateral movement. Public disclosures in the initial documen...
GO-2025-4147 Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder
Minder does not sandbox http.send in Rego programs in github.com/mindersec/minder...
Apple多款产品 安全漏洞
Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple macOS is a specialized operating system developed for Mac computers. apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in several Apple products...
Linux Distros Unpatched Vulnerability : CVE-2021-23166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on...
Linux Distros Unpatched Vulnerability : CVE-2020-29396
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated...
HimitZH HOJ Security Breach
HimitZH HOJ is an online review system for HimitZH individual developers. A security vulnerability exists in HimitZH HOJ version 4.6-9a65e3f, which stems from an unknown handler in the component Topic Handler, resulting in a sandboxing issue...
DEBIAN-CVE-2021-23186
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system...
CVE-2021-44547
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation...
DEBIAN-CVE-2021-44476
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files...
UBUNTU-CVE-2021-44547
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation...
PT-2023-12047 · Odoo · Odoo Community +1
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: A sandboxing issue allows authenticated administrators to access and modify database contents of other tenants in a multi-tenant system...
PT-2023-12043 · Odoo · Odoo Community +1
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: A sandboxing issue allows authenticated administrators to read and write local files on the server. Recommendations: For Odoo Community versions...
PT-2023-12548 · Odoo · Odoo Community +1
Name of the Vulnerable Software and Affected Versions: Odoo Community versions 15.0 and earlier Odoo Enterprise versions 15.0 and earlier Description: A sandboxing issue allows authenticated administrators to read local files on the server, including sensitive configuration files. Recommendations...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...
Mozilla Firefox 安全特征问题漏洞
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature problem in which iframe sandboxing rules are not properly applied to XSLT style sheets and an attacker can use the vulnerability to bypass implemented security restrictio...