Lucene search
K

7 matches found

CVE
CVE
added yesterday10 views

CVE-2026-58138

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS6.6AI score
Exploits1References5
EUVD
EUVD
added yesterday4 views

EUVD-2026-40377

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.8CVSS6.6AI score0.00594EPSS
Exploits1References5
OSV
OSV
added 2026/03/13 8:58 p.m.2 views

GHSA-5CXW-W2XG-2M8H fickling's `platform` module subprocess invocation evades `check_safety()` with `LIKELY_SAFE`

Our assessment We added platform to the blocklist of unsafe modules https://github.com/trailofbits/fickling/commit/351ed4d4242b447c0ffd550bb66b40695f3f9975. It was not possible to inject extra arguments to file without first monkey-patching platform.followsymlinks with the pickle, as it always...

6.9CVSS6AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.1 views

CVE-2025-54306

An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative...

8.2AI score0.00682EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 7:32 a.m.6 views

CVE-2024-40647

sentry-sdk is the official Python SDK for Sentry.io. A bug in Sentry's Python SDK 2.8.0 allows the environment variables to be passed to subprocesses despite the env= setting. In Python's subprocess calls, all environment variables are passed to subprocesses by default. However, if you specifical...

5.3CVSS6.6AI score0.00198EPSS
Exploits0
Snyk
Snyk
added 2024/11/01 6:30 a.m.1 views

Command Injection

Overview deepspeed is a DeepSpeed library Affected versions of this package are vulnerable to Command Injection when multiple instances where subprocess.run and subprocess.checkoutput, are called with unsanitized input and shell=True. An attacker would need to supply specially crafted input to...

9.8CVSS7.3AI score
Exploits0References3
Veracode
Veracode
added 2024/07/19 7:19 a.m.12 views

Information Leakage

Sentry-sdk is vulnerable to Information Leakage. The vulnerability is due to subprocess calls leaking environment variables when the Stdlib integration is enabled, which could allow an attacker to gain access to sensitive environment variables by exploiting the unintended passing of these variabl...

5.3CVSS7.1AI score0.00198EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder