
133 matches found

CVE
added 3 days ago, 7 views

CVE-2026-58449

txtai up to 9.10.0 is affected by an unauthenticated remote code execution via the /reindex API. The function body parameter is resolved through txtai.util.Resolver, which uses import and getattr on a user-supplied dotted path without an allowlist. If the API is exposed without a TOKEN and the in...

CVSS 9.8, AI score 6.5, EPSS 0.00725
Exploits: 0, References: 4
Cvelist
added 3 days ago, 30 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

CVSS 9.8, EPSS 0.00725
Exploits: 0, References: 4
Snyk
added 2026/06/15 8:16 p.m., 10 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview starlette is the little ASGI library that shines. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when dispatching HTTP requests to endpoint attributes via getattr. An attacker can invoke internal...

CVSS 6.3, AI score 5.5, EPSS 0.00213
Exploits: 0, References: 2
Snyk
added 2026/06/02 12:25 p.m., 9 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.apache.calcite:calcite-core is the core Calcite APIs and engine. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via user-controlled models. An attacker can achieve arbitrary code execution by supplying...

CVSS 6.9, AI score 6.2, EPSS 0.00436
Exploits: 0, References: 2
NVD
added 2026/06/02 10:16 a.m., 11 views

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

CVSS 6.5, EPSS 0.00436
Exploits: 0, References: 2
EUVD
added 2026/06/02 9:17 a.m., 11 views

EUVD-2026-33906

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

CVSS 6.5, AI score 5.8, EPSS 0.00436
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/02 9:17 a.m., 7 views

CVE-2026-46718

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

AI score 5.8, EPSS 0.00436
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/06/02 9:17 a.m., 11 views

CVE-2026-46718 Apache Calcite: A user-controlled model can load arbitrary classes, leading to code execution

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

AI score 5.8, EPSS 0.00436
Exploits: 0, References: 1
CVE
added 2026/06/02 9:17 a.m., 47 views

CVE-2026-46718

Apache Calcite is affected by CVE-2026-46718: Unsafe Reflection via a user-controlled model can load arbitrary classes, enabling code execution. Affected: 1.5.0 up to

CVSS 6.5, AI score 5.8, EPSS 0.00436
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/06/02 9:17 a.m., 42 views

CVE-2026-46718 Apache Calcite: A user-controlled model can load arbitrary classes, leading to code execution

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

EPSS 0.00436
Exploits: 0, References: 1
Snyk
added 2026/05/27 10:45 p.m., 5 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the updateAlgorithm process. An attacker can execute arbitrary code on the server by supplying crafted JavaScript payloads that are evaluated without...

CVSS 9.8, AI score 6, EPSS 0.00562
Exploits: 0, References: 2
Snyk
added 2026/05/26 11:47 p.m., 7 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the REST API search and collection query endpoints. An attacker can execute arbitrary methods on model objects by supplying crafted queries, potentiall...

CVSS 8.8, AI score 6, EPSS 0.0007
Exploits: 0, References: 2
Snyk
added 2026/05/08 8:25 p.m., 14 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...

CVSS 9.2, AI score 6.3, EPSS 0.00573
Exploits: 0, References: 2
Snyk
added 2026/05/08 4:32 p.m., 8 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview praisonaiagents is Praison AI agents for completing complex tasks with Self Reflection Agents. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the ToolExecutionMixin.executetool process. An attacker...

CVSS 8.8, AI score 6.1, EPSS 0.00363
Exploits: 1, References: 2
Snyk
added 2026/05/08 4:32 p.m., 11 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 8.8, AI score 6.1, EPSS 0.00363
Exploits: 1, References: 2
Snyk
added 2026/05/06 5:54 p.m., 11 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the condition process. An attacker can execute arbitrary commands on the server by injecting malicious...

CVSS 8.6, AI score 6.1, EPSS 0.00346
Exploits: 0, References: 2
Snyk
added 2026/05/04 6:26 p.m., 11 views

Unsafe Reflection

Overview Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the ExtensionLoader class. An attacker can trigger the static initializer of any class present on the classpath by supplying a model...

CVSS 9.8, AI score 6.1, EPSS 0.00692
Exploits: 0, References: 2
Snyk
added 2026/05/04 6:26 p.m., 13 views

Unsafe Reflection

Overview org.apache.opennlp:opennlp-tools is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the...

CVSS 9.8, AI score 6.1, EPSS 0.00692
Exploits: 0, References: 2
Snyk
added 2026/04/30 6:17 a.m., 13 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview org.jenkins-ci.plugins:matrix-auth is the Jenkins Plugins Parent POM Project. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the inheritanceStrategy deserialization path in...

CVSS 7.1, AI score 5.9, EPSS 0.00246
Exploits: 0, References: 3
Snyk
added 2026/04/16 9:25 p.m., 4 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via unsafe method invocation during query value resolution. An attacker can cause destruction of data, assets, and user accounts by manipulating query...

CVSS 8.1, AI score 5.8, EPSS 0.00304
Exploits: 0, References: 2