CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

153 matches found

Github Security Blog•added 6 days ago•18 views

PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution

Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring authtoken. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...

6.3AI score

Exploits0References2Affected Software1

EUVD•added 6 days ago•6 views

EUVD-2026-30803

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...

9.8CVSS5.8AI score0.00076EPSS

Exploits1References4

CVE•added 2026/05/19 12:0 a.m.•7 views

CVE-2026-36827

The vulnerability CVE-2026-36827 affects Panabit PAP-XM320 (up to v7.7). The web management interface calls /usr/sbin/pappiw with user-controlled inputs and uses unsafe eval for argument processing, enabling command injection. An authenticated remote attacker with access to the management UI coul...

5.4CVSS6AI score0.0016EPSS

Exploits0References2

EUVD•added 2026/05/19 12:0 a.m.•5 views

EUVD-2026-30951

A command injection vulnerability exists in Panabit PAP-XM320 up to and including V7.7. The web management interface invokes the backend helper /usr/sbin/pappiw and passes user-controlled parameters to it. The helper performs unsafe argument processing using eval, which allows command injection...

5.4CVSS6AI score0.0016EPSS

Exploits0References2

Vulnrichment•added 2026/05/19 12:0 a.m.•5 views

CVE-2026-36827

6AI score0.0016EPSS

Exploits0References2

NVD•added 2026/05/18 9:16 p.m.•11 views

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.8CVSS0.00076EPSS

Exploits1References3

ATTACKERKB•added 2026/05/18 8:15 p.m.•5 views

CVE-2026-8838

9.8CVSS6.2AI score0.00076EPSS

Exploits1References4

CNNVD•added 2026/05/18 12:0 a.m.•4 views

Amazon Redshift Python Connector 代码注入漏洞

The Amazon Redshift Python Connector is a Python-compatible connector for Amazon Redshift developed by Amazon, Inc. Versions of the Amazon Redshift Python Connector prior to version 2.1.14 contained a code injection vulnerability. This vulnerability stemmed from the unsafe use of the Python eval...

9.8CVSS6.1AI score0.00076EPSS

Exploits1References1

Positive Technologies•added 2026/05/18 12:0 a.m.•5 views

PT-2026-41734

Name of the Vulnerable Software and Affected Versions amazon-redshift-python-driver versions prior to 2.1.14 Description Unsafe use of Python's eval function on data received from a server within the vector in function allows a rogue server or man-in-the-middle actor to execute arbitrary code on...

9.8CVSS6.2AI score0.00076EPSS

Exploits1References11

RedhatCVE•added 2026/05/13 2:22 p.m.•3 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS6.5AI score0.00214EPSS

Exploits0References1

EUVD•added 2026/05/12 6:30 p.m.•5 views

EUVD-2026-29553

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

6.3AI score0.00102EPSS

Exploits0References3

OSV•added 2026/05/12 6:30 p.m.•1 views

GHSA-2799-6G5R-MMC7 Superduper: Remote code execution via unsafe eval in superduper query parsing

8.8CVSS6.5AI score0.00214EPSS

Exploits0References3

Github Security Blog•added 2026/05/12 6:30 p.m.•3 views

Superduper: Remote code execution via unsafe eval in superduper query parsing

8.8CVSS6.5AI score0.00214EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/12 6:16 p.m.•5 views

CVE-2026-31230

9.8CVSS0.00102EPSS

Exploits0References2

NVD•added 2026/05/12 4:16 p.m.•4 views

CVE-2026-31225

8.8CVSS0.00214EPSS

Exploits0References2

NVD•added 2026/05/12 4:16 p.m.•9 views

CVE-2026-31228

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...

9.8CVSS0.00378EPSS

Exploits0References2

Positive Technologies•added 2026/05/12 12:0 a.m.•4 views

PT-2026-40066

6.5AI score0.00378EPSS

Exploits0References3

Cvelist•added 2026/05/12 12:0 a.m.•27 views

CVE-2026-31230

0.00102EPSS

Exploits0References2

CNNVD•added 2026/05/12 12:0 a.m.•4 views

Adversarial Robustness Toolbox 安全漏洞

Adversarial Robustness Toolbox is an open-source machine learning security defense and evaluation tool developed by Trusted-AI. Versions of Adversarial Robustness Toolbox 1.20.1 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the robustnessevaluationfgsmpytorch....

9.8CVSS6.1AI score0.00102EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40064

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parse op part function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Althoug...

6.5AI score0.00214EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by