12 matches found
CVE-2026-34936
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough and apassthrough in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request when the litellm primary path raises AttributeError. No URL schem...
Fedora 43 : 389-ds-base / python3-docs / python3.14 (2026-27ce708600)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-27ce708600 advisory. - New minor version of the Python interpreter, bringing also security fixes. - 389-ds-base: Fix system index configuration issues - 389-ds-base: Fix...
CVE-2023-40457
The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...
CVE-2023-54125
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Return error for inconsistent extended attributes. ntfs_read_ea is called when we want to read extended attributes. There are some sanity checks for the validity of the EAs. However, it fails to return a proper error code...
Linux Distros Unpatched Vulnerability : CVE-2025-38181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr. syzkaller reported a null-ptr-deref in sock_omalloc while allocating a CALIPSO option. [0] The NULL is of...
Exposed Dangerous Method or Function
Overview: asteval is a safe, minimalistic evaluator of Python expressions using the ast module. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function through the on_formattedvalue function. An attacker can manipulate the value of the string used in the dangerous call...
GHSA-3WWR-3G9F-9GC7 ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape
Summary: If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library. Details: The vulnerability is rooted in how asteval handles FormattedValue AST nodes. In...
CVE-2023-40457
The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...
CVE-2023-40457
The BGP daemon in Extreme Networks ExtremeXOS aka EXOS 30.7.1.1 allows an attacker who is not on a directly connected network to cause a denial of service BGP session reset because of BGP attribute error mishandling for attribute 21 and 25. NOTE: the vendor disputes this because it is "evaluating...
PYSEC-2024-186
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensitive information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application...
DEBIAN-CVE-2024-47532
RestrictedPython is a restricted execution environment for Python to run untrusted code. A user can gain access to protected and potentially sensitive information indirectly via AttributeError.obj and the string module. The problem will be fixed in version 7.3. As a workaround, if the application...
Facebook Hermes Security Vulnerability
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client apps, but is not applicable to server-side infrastructures such as browsers & Node.js. Facebook Hermes...