Lucene search
+L

365 matches found

Cvelist
Cvelist
added 2026/03/27 5:41 p.m.33 views

CVE-2026-4965 letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...

7.5CVSS0.00604EPSS
Exploits1References4
OSV
OSV
added 2026/03/27 5:41 p.m.6 views

CVE-2026-4965 letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...

6.9CVSS6.7AI score0.00604EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.6 views

Letta-ai letta 安全漏洞

Letta-ai letta is an open-source stateful proxy framework developed by Letta-ai, featuring memory management, reasoning capabilities, and context handling. Version 0.16.4 of letta-ai letta contains a security vulnerability. This vulnerability arises from incorrect operations on functions in the...

9.8CVSS7.1AI score0.00604EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.10 views

PT-2026-28691

Name of the Vulnerable Software and Affected Versions letta-ai letta version 0.16.4 Description A flaw exists in the resolve type function within the letta/functions/ast parsers.py file. This issue involves improper neutralization of directives in dynamically evaluated code, potentially allowing...

7.5CVSS5.9AI score0.00604EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.6 views

PT-2026-28569

Name of the Vulnerable Software and Affected Versions Handlebars versions 4.0.0 through 4.7.8 Description Handlebars allows Remote Code Execution RCE through a crafted Abstract Syntax Tree AST object. The Handlebars.compile function accepts either a template string or a pre-parsed AST. When an AS...

9.8CVSS6.3AI score0.0178EPSS
Exploits2References280
NVD
NVD
added 2026/03/11 7:16 a.m.6 views

CVE-2026-3534

The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ast-page-background-meta and ast-content-background-meta post meta fields in all versions up to, and including, 4.12.3. This is due to insufficient input sanitization on meta registration and missing output escapin...

6.4CVSS0.00199EPSS
Exploits0References6
OSV
OSV
added 2026/03/06 11:59 p.m.6 views

GHSA-8W32-6MRW-Q5WV WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

Summary A critical Remote Code Execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within PostgreSQL array expressions and row expressions, allowing attackers to bypass SQL injection protections. By...

10CVSS6.5AI score0.00539EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/01 12:0 a.m.15 views

PT-2026-22503

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST Node Impl::eval/chaiscript::eval::Function Push Pop of the file include/chaiscript/language/chaiscript eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to...

4.8CVSS5.3AI score0.00162EPSS
Exploits0References7
OSV
OSV
added 2026/02/26 10:7 p.m.5 views

GHSA-23C5-XMQV-RM74 minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions

Summary Nested extglobs produce regexps with nested unbounded quantifiers e.g. ?:?:a|b, which exhibit catastrophic backtracking in V8. With a 12-byte pattern a|b and an 18-byte non-matching input, minimatch stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes...

7.5CVSS5.9AI score0.00472EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/24 9:41 p.m.11 views

Fickling: OBJ opcode call invisibility bypasses all safety checks

Assessment The interpreter so it behaves closer to CPython when dealing with OBJ, NEWOBJ, and NEWOBJEX opcodes https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a. Original report Summary All 5 of fickling's safety interfaces -- islikelysafe, checksafety, CLI...

6AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/22 1:16 a.m.9 views

DEBIAN-CVE-2026-2903

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function checkandmergespecialrules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

4.8CVSS4AI score0.00113EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/22 1:16 a.m.10 views

CVE-2026-2903

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function checkandmergespecialrules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References7
OSV
OSV
added 2026/02/22 1:16 a.m.10 views

AZL-78273 CVE-2026-2903 affecting package re2c 3.1-4

A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function checkandmergespecialrules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name:...

4.8CVSS5.2AI score0.00113EPSS
Exploits0References1
NVD
NVD
added 2026/02/06 10:16 p.m.28 views

CVE-2026-25533

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

8.8CVSS0.0023EPSS
Exploits1References3
OSV
OSV
added 2026/02/06 9:16 p.m.10 views

CVE-2026-25533 Enclave has a sandbox escape via infinite recursion and error objects

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS5.7AI score0.0023EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/06 9:16 p.m.5 views

CVE-2026-25533

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.10.1, the existing layers of security in enclave-vm are insufficient: The AST sanitization can be bypassed with dynamic property accesses, the hardening of the error objects does not cover the peculiar...

6.4CVSS5.7AI score0.0023EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.11 views

PT-2026-6649

Name of the Vulnerable Software and Affected Versions enclave-vm versions prior to 2.10.1 @enclave-vm/core versions prior to 2.10.1 Description The security measures within enclave-vm are inadequate. The Abstract Syntax Tree AST sanitization can be circumvented using dynamic property accesses. Th...

6.4CVSS6AI score0.0023EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.8 views

PT-2026-6749

Name of the Vulnerable Software and Affected Versions Asterisk versions prior to 20.7-cert9 Asterisk versions prior to 20.18.2 Asterisk versions prior to 21.12.1 Asterisk versions prior to 22.8.2 Asterisk versions prior to 23.2.2 Description Asterisk is a private branch exchange and telephony...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2025/12/25 12:55 a.m.5 views

SUSE CVE-2023-54091

In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drmclienttargetcloned dmtmode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the...

3.3CVSS6.5AI score0.00216EPSS
Exploits0References22
EUVD
EUVD
added 2025/12/24 3:30 p.m.5 views

EUVD-2023-60354

In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drmclienttargetcloned dmtmode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the...

6AI score0.00216EPSS
Exploits0References9
Rows per page
Query Builder