10 matches found
CVE-2026-4963
A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...
Out-of-bounds Write
Vyper is vulnerable to Out-of-bounds Write. The vulnerability is due to improper bounds validation due to the caching of the target location in an AugAssign statement, which prevents re-evaluating the bounds check when modifying a DynArray...
CVE-2025-27105
A flaw was found in Vyper, a Pythonic Smart Contract Language for the EVM. This vulnerability allows out-of-bounds writes via improper bounds checking when modifying a DynArray using an augmented assignment AugAssign. Mitigation Mitigation for this issue is either not available or the currently...
GHSA-4W26-8P97-F4JP AugAssign evaluation order causing OOB write within the object in Vyper
Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write...
AugAssign evaluation order causing OOB write within the object in Vyper
Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write...
PYSEC-2025-31
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...
CVE-2025-27105
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...
CVE-2025-27105
CVE-2025-27105 concerns vyper, a Pythonic smart contract language for the EVM. The issue arises in AugAssign handling when the target is an access to a dynamic array (DynArray); if the right-hand side modifies the array, the target is cached and the bounds check may not be re-evaluated during the...
CVE-2025-27105 AugAssign evaluation order causing OOB write within the object in Vyper
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...
CVE-2025-27105 AugAssign evaluation order causing OOB write within the object in Vyper
vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the...