Lucene search
+L

365 matches found

thn
thn
added 2026/05/11 6:30 p.m.18 views

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa1c16 that was published on December 17, 2025 or previously," th...

5.9AI score
Exploits0
osv
osv
added 2026/05/07 4:32 a.m.7 views

GHSA-WP5R-2GW5-M7Q7 vm2's Transformer Fast-Path Bypass Exposes Internal State Variable

Summary vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal VM2INTERNALSTATEDONOTUSEORPROGRAMWILLFAIL variable, which exposes...

5.3CVSS5.8AI score0.00248EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/05/07 12:0 a.m.17 views

PT-2026-38394

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A performance optimization in the code transformer skips AST Abstract Syntax Tree analysis when the code does not contain the keywords catch, import, or async. This fast-path bypass allows sandboxed cod...

5.8CVSS5.9AI score0.00248EPSS
Exploits1References7
packetstormnews
packetstormnews
added 2026/04/30 12:0 a.m.10 views

How Code Representation Shapes False-Positive Dynamics in Cross-Language LLM Vulnerability Detection

How code representation format shapes false positive behaviour in cross-language LLM vulnerability detection remains poorly understood. We systematically vary training intensity and code representation format, comparing raw source text with pruned Abstract Syntax Trees at both training time and...

5.9AI score
Exploits0
packetstormnews
packetstormnews
added 2026/04/29 12:0 a.m.11 views

VulStyle: A Multi-Modal Pre-Training for Code Stylometry-Augmented Vulnerability Detection

We present VulStyle, a multi-modal software vulnerability detection model that jointly encodes function-level source code, non-terminal Abstract Syntax Tree AST structure, and code stylometry CStyle features. Prior work in code representation primarily leverages token-level models or full AST...

5.2AI score
Exploits0
nessus
nessus
added 2026/04/26 12:0 a.m.5 views

Unity Linux 20.1060a Security Update: kernel (UTSA-2026-014324)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014324 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drmclienttargetcloned dmtmode is allocated and never freed in this...

5.5AI score0.00216EPSS
Exploits0References4
ibm
ibm
added 2026/04/24 5:45 p.m.20 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.1 Vulnerability Details CVEID:CVE-2026-33916 DESCRIPTION: Handlebars provides the power necessary to let users build...

9.8CVSS7.1AI score0.0178EPSS
Exploits7Affected Software1
debiancve
debiancve
added 2026/04/24 2:27 a.m.7 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1CVSS5.3AI score0.00205EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.17 views

PT-2026-34839

Name of the Vulnerable Software and Affected Versions PostCSS versions prior to 8.5.10 Description PostCSS transforms CSS files into an Abstract Syntax Tree AST to analyze and modify rules. The software fails to escape sequences when stringifying CSS ASTs. If user-submitted CSS is parsed and then...

6.1CVSS5.1AI score0.00205EPSS
Exploits0References12
snyk
snyk
added 2026/04/23 3:7 p.m.6 views

Incomplete List of Disallowed Inputs

Overview pyspector is an A high-performance, security-focused static analysis tool for Python, powered by Rust. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the PluginSecurity.validateplugincode validation logic. An attacker can achieve arbitrary co...

7.8CVSS6.4AI score0.00185EPSS
Exploits1References2
osv
osv
added 2026/04/10 7:25 p.m.3 views

GHSA-3C4R-6P77-XWR7 PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure

PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. Description The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST filtering to block dangerous Python attributes...

8.6CVSS6.5AI score0.0024EPSS
Exploits1References4
nvd
nvd
added 2026/04/10 5:17 p.m.4 views

CVE-2026-40158

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.getattribute trampoline, allowing arbitrary code execution when running untrusted agent code. The executecodedirect function in praisonaiagents/tools/pythontools.py uses AST...

8.6CVSS0.0024EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/10 12:0 a.m.5 views

PT-2026-31995

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI's AST-based Python sandbox can be bypassed using the type. getattribute trampoline, leading to arbitrary code execution when running untrusted agent code. The execute code direct functi...

8.6CVSS6.4AI score0.0024EPSS
Exploits1References13
github
github
added 2026/04/05 12:30 p.m.8 views

PyBlade: SSTI/RCE via Bypassed AST Validation in sandbox.py

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5CVSS6AI score0.00314EPSS
Exploits0References8Affected Software1
euvd
euvd
added 2026/04/05 12:30 p.m.4 views

EUVD-2026-19066

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5CVSS6AI score0.00314EPSS
Exploits0References7
osv
osv
added 2026/04/05 12:30 p.m.3 views

GHSA-23JG-5F8M-GW8C PyBlade: SSTI/RCE via Bypassed AST Validation in sandbox.py

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.3CVSS5.2AI score0.00314EPSS
Exploits0References7
nvd
nvd
added 2026/04/05 11:16 a.m.5 views

CVE-2026-5559

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5CVSS0.00314EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/04/05 10:15 a.m.2 views

CVE-2026-5559 AntaresMugisho PyBlade AST Validation sandbox.py _is_safe_ast special elements used in a template engine

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5CVSS6AI score0.00314EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/04/05 10:15 a.m.5 views

CVE-2026-5559

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

6.5CVSS6AI score0.00314EPSS
Exploits0References6
cve
cve
added 2026/04/05 10:15 a.m.18 views

CVE-2026-5559

AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha is affected by a vulnerability in sandbox.py:_is_safe_ast within the AST Validation component. The flaw enables improper neutralization of special elements in the template engine, with remote-exploitation potential. Exploit has been disclosed publicl...

6.5CVSS6AI score0.00314EPSS
Exploits0References6
Rows per page
Query Builder