Lucene search
K

69 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-61447

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS0.00544EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.7 views

CVE-2026-56777

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS0.00245EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:8 p.m.4 views

CVE-2026-56777 n8n - AST Validator Bypass in Python Code Node

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an abstract syntax tree AST security validator bypass in the Python Code node. An authenticated user with permission to create or modify workflows containing a Python Code node can bypass the validator and access the task executor module...

5.3CVSS5.9AI score0.00245EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 2:17 p.m.4 views

CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

7.5CVSS6.1AI score0.00594EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 6:17 p.m.87 views

CVE-2026-53753

CVE-2026-53753 affects Crawl4AI before version 0.8.7. The _safe_eval_expression() AST validator only blocks underscore-prefixed attributes, allowing access to generator/frame attributes (gi_frame, f_back, f_builtins) and enabling sandbox escape to achieve arbitrary code execution. The attack is u...

10CVSS6.2AI score0.0045EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50164

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The safe eval expression function in the computed fields feature uses an AST Abstract Syntax Tree validator that only blocks attributes starting with an underscore. Because Python generator and fram...

10CVSS6AI score0.0045EPSS
Exploits2References15
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40158

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

8.6CVSS6.2AI score0.0024EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in postcss-selector-parser up to 6.1.2/7.1.2. Affected is the function toString of the file src/selectors/container.js of the...

5.3CVSS5.6AI score0.00325EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/24 7:39 a.m.27 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the toString function in the AST Serialization. An attacker can cause uncontrolled recursion by providing specially crafted input, potentially resulting in resource exhaustion and application unavailability...

6.9CVSS4.9AI score0.00325EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.21 views

@lint-md/cli (>=0.0.1 <=0.1.4), @lint-md/eslint-plugin (>=0.0.1 <=0.0.3) +4 more potentially affected by unknown CVE via ast-plugin (>=0.0.1 <=0.0.7)

ast-plugin NPM version =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2, =0.1.0, =0.1.2 - yuque-lint =0.0.1 Source cves: unknown CVE Source advisory: SNYK:JS-ASTPLUGIN-16754893...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.9 views

Tailored Prompts, Targeted Protection: Vulnerability-Specific LLM Analysis for Smart Contracts

Smart contracts on blockchains are prone to diverse security vulnerabilities that can lead to significant financial losses due to their immutable nature. Existing detection approaches often lack flexibility across vulnerability types and rely heavily on manually crafted expert rules. In this pape...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/24 2:27 a.m.16 views

EUVD-2026-25383

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1CVSS5.2AI score0.00205EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:27 a.m.5 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape tags,...

6.1CVSS5.8AI score0.00205EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/12 12:0 a.m.7 views

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

5.9AI score
Exploits0
Veracode
Veracode
added 2026/04/08 2:5 p.m.16 views

Type Confusion

Handlebars is vulnerable to Type Confusion. The vulnerability is due to unsanitized handling of pre-parsed AST input in Handlebars.compile, which allows an attacker to inject malicious JavaScript via crafted AST nodes and execute arbitrary code...

9.8CVSS6AI score0.0178EPSS
Exploits2References9Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.30 views

Aether Smart Contract Security Analysis Framework 5.0.2

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.9 views

Aether Smart Contract Security Analysis Framework 6.0

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.6 views

SkillSieve: A Hierarchical Triage Framework for Detecting Malicious AI Agent Skills

OpenClaw's ClawHub marketplace hosts over 13,000 community-contributed agent skills, and between 13% and 26% of them contain security vulnerabilities according to recent audits. Regex scanners miss obfuscated payloads; formal static analyzers cannot read the natural language instructions in...

5.9AI score
Exploits0
Snyk
Snyk
added 2026/04/05 12:30 p.m.6 views

Incomplete Filtering of Special Elements

Overview PyBlade is a PyBlade is a lightweight template engine for Python, initially designed for Django. Inspired by Laravel's Blade and Livewire, it simplifies dynamic template creation with developer-friendly @-based directives and component support, all while prioritizing security. Affected...

8.8CVSS6.9AI score0.00314EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/28 10:46 a.m.8 views

CVE-2026-33937

A flaw was found in Handlebars. An attacker can exploit this by supplying a crafted Abstract Syntax Tree AST object to the Handlebars.compile function. This allows the injection and execution of arbitrary JavaScript code due to improper sanitization of the value field in NumberLiteral AST nodes...

9.8CVSS6.3AI score0.0178EPSS
Exploits2References6
Rows per page
Query Builder