120234 matches found
Arbitrary Code Execution
Lupa is vulnerable to Arbitrary Code Execution. The vulnerability is due to inconsistent enforcement of attributefilter when attributes are accessed via built-in functions like getattr and setattr, allowing attackers to bypass restrictions and potentially achieve arbitrary code execution...
CVE-2026-5055
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2026-4158
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the targe...
CVE-2026-4158
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the targe...
CVE-2026-4158
KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the targe...
CVE-2026-5055 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
CVE-2026-5055
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
Adobe Acrobat Reader 安全漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30356, 26.001.21367, and earlier versions have security vulnerabilities. These...
Labcenter Electronics Proteus 缓冲区错误漏洞
Labcenter Electronics Proteus is an electronic engineering software developed by the British company Labcenter, used for circuit design and embedded system simulation. Labcenter Electronics Proteus has a buffer error vulnerability, which stems from insufficient validation of the data provided by...
Adobe Reader < 26.001.21411 Vulnerability (APSB26-43) (macOS)
The version of Adobe Reader installed on the remote macOS host is a version prior to 26.001.21411. It is, therefore, affected by a vulnerability. - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes...
Adobe Acrobat < 24.001.30362 / 26.001.21411 Vulnerability (APSB26-43)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 24.001.30362 or 26.001.21411. It is, therefore, affected by a vulnerability. - Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object...
[SECURITY] [DLA 4526-1] firefox-esr security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4526-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 11, 2026 https://wiki.debian.org/LTS -...
GHSA-JVFF-X2QM-6286 mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes
Impact This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. Patches The issue was introduced in mathjs v13.1.0, an...
CVE-2026-35205
A flaw was found in Helm, a package manager for Kubernetes. A remote attacker could exploit this vulnerability by providing a malicious plugin that lacks a provenance file. Even when signature verification is enabled, Helm would incorrectly install this unverified plugin, bypassing critical...
GHSA-G985-WJH9-QXXC PraisonAI Vulnerable to RCE via Automatic tools.py Import
PraisonAI automatically imports ./tools.py from the current working directory when launching certain components. This includes call.py, toolresolver.py, and CLI tool-loading paths. A malicious tools.py placed in the process working directory is executed immediately, allowing arbitrary Python code...
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.specfromfilelocation and immediately executes module-level code via spec.loader.execmodule without explicit user consent,...
PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...
GHSA-3C4R-6P77-XWR7 PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...
Arbitrary Code Injection
Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Code Injection in the executecodedirect function when the AST-based filtering mechanism fails to block dangerous attribute access...
CVE-2026-40200
A flaw was found in musl libc. This stack-based memory corruption vulnerability occurs when the qsort function processes extremely large arrays due to incorrectly implemented double-word primitives. A local attacker could exploit this by providing a specially crafted, very large array, potentiall...