Lucene search
K

732 matches found

Veracode
Veracode
added 6 days ago7 views

Arbitrary Code Injection

Langroid is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper sandboxing of Python eval that fails to remove builtins, which allows an attacker to execute arbitrary operating system commands through crafted LLM-generated tool messages...

10CVSS6.3AI score0.00912EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/07/06 8:42 p.m.5 views

Arbitrary Code Injection

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Arbitrary Code Injection in the eval process used by certain agent components when evaluating external input with fulleval=True. An attacker can execute arbitrary system commands b...

10CVSS6.2AI score0.00912EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 11:50 a.m.4 views

Arbitrary Code Injection

Overview mesop is a Build UIs in Python Affected versions of this package are vulnerable to Arbitrary Code Injection due to an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yieldin...

9.8CVSS6.1AI score0.05289EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/26 4:32 p.m.8 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the path parameter in output plugins when using the $tag placeholder. An attacker can overwrite arbitrary files or inject malicious content by sending specially crafted log entries containing path traversal...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 9:15 p.m.5 views

Arbitrary Code Injection

Overview @tinacms/cli is a package used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api. Affected versions of this package are vulnerable to Arbitrary Code Injection through the addVariablesToCode/makeFieldsWithInternalCode process in...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 2:39 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the toCedarExpr method, which does not escape special characters when converting values to source code. An attacker can inject arbitrary expressions by supplying specially crafted input, potentially altering...

8.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/18 5:25 p.m.6 views

Arbitrary Code Injection

Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Arbitrary Code Injection via the browserconfig.extraargs parameter in API requests. An attacker can execute arbitrary commands as the container's runtime user by...

10CVSS6.3AI score0.00523EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/15 8:13 p.m.13 views

Arbitrary Code Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted...

8.2CVSS6.2AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:13 p.m.13 views

Arbitrary Code Injection

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated...

8.2CVSS6.5AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 3:50 a.m.19 views

EUVD-2026-35334

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

5.9CVSS5.4AI score0.0014EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/07 4:44 p.m.14 views

Arbitrary Code Injection

Overview dbgate-api is an Allows run DbGate data-manipulation scripts. Affected versions of this package are vulnerable to Arbitrary Code Injection in the loadReader function in runners.js. The functionName parameter can be injected with arbitrary JavaScript, which is executed with the privileges...

8.8CVSS5.6AI score0.0051EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 9:14 a.m.12 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via insufficient validation of query parameters used in JSP file creation. An attacker can execute arbitrary code on the server by supplying crafted query parameters that cause a JSP file containing...

9.8CVSS8.3AI score0.5771EPSS
Exploits4References3
Snyk
Snyk
added 2026/05/29 7:32 p.m.11 views

Arbitrary Code Injection

Overview redshift-connector is a Redshift interface library Affected versions of this package are vulnerable to Arbitrary Code Injection due to the use of eval on untrusted data received from the server, in the vectorin function. An attacker can execute arbitrary code on the client system by...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/28 8:51 p.m.9 views

Arbitrary Code Injection

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Arbitrary Code Injection via the import process of bookmark data or during sync operations. An attacker can execute arbitrary code by injecting malicious fields into...

9.6CVSS6AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 6:24 p.m.14 views

Arbitrary Code Injection

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Arbitrary Code Injection via the filters and tags registries in Liquid. An attacker can trigger arbitrary inherited Object.prototype...

10CVSS6AI score0.00089EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/27 1:36 p.m.12 views

Arbitrary Code Injection

Contour is vulnerable to Arbitrary Code Injection. The vulnerability is due to insufficient sanitization of user-controlled values in cookieRewritePolicies.pathRewrite.value, where values are interpolated into Envoy HTTP Lua filter code using Go text/template, allowing attackers with HTTPProxy...

8.1CVSS6.1AI score0.00481EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-underscore (UTSA-2026-016621)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016621 advisory. The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function,...

7.2CVSS6.8AI score0.04087EPSS
Exploits2References4
Snyk
Snyk
added 2026/05/20 9:41 a.m.6 views

Arbitrary Code Injection

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Arbitrary Code Injection via template name handling in the % use % tag compilation path. An attacker can execute arbitrary PHP code by supplying a crafted template nam...

9.8CVSS6.1AI score0.00357EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:47 p.m.24 views

Arbitrary Code Injection

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Arbitrary Code Injection via the calculation parameter in the V1 Views API, which is interpolated directly into a CouchDB reduce function without validation. An attacker can execute arbitrary...

8.5CVSS6.1AI score0.00263EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/16 10:34 a.m.15 views

Arbitrary Code Injection

Froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper escaping of single quotes in PhpHelper::parseArrayToString, which allows an attacker to inject arbitrary PHP code through the privilegeduser parameter that gets executed on subsequent requests...

9.1CVSS6AI score0.0048EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder