17 matches found
EUVD-2026-14246
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...
CVE-2026-4513
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...
CVE-2026-4513
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...
CVE-2026-4513 vanna-ai vanna base.py ask sql injection
A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. T...
MoneyPrinterTurbo access control error vulnerability
MoneyPrinterTurbo is software from the individual developer Harry that generates short HD videos using large AI models. An access control error vulnerability exists in MoneyPrinterTurbo version 1.2.6 and earlier, which stems from a lack of authentication in the function verifytoken in the file...
CVE-2023-44467
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py...
CVE-2023-44467
langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is not prohibited by pal_chain/base.py...
Remote Code Execution (RCE)
GitPython is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the clone function of base.py does not properly sanitize the non-multi options, which allows an attacker to inject an OS command into the clone command. NOTE: this issue exists because of an incomplete fix for...
SQL Injection
langchain is vulnerable to SQL Injection attacks. A specially crafted attack statement through the call function in sql_database/base.py allows a malicious user to inject and execute arbitrary SQL queries on the target system via the SQLDatabaseChain component...
Arbitrary Code Execution
jcvi is vulnerable to configuration injection. The vulnerability is due to improper checks in the path parameter of apps/base.py, which allows an attacker to inject arbitrary configurations, possibly resulting in arbitrary code execution...
Cross-Site Request Forgery (CSRF)
nsupdate is vulnerable to cross-site request forgery. The vulnerability exists in the CSRF_COOKIE_HTTPONLY cookie in base.py due to a lack of proper security HTTP headers, which allows an attacker to gain access to sensitive information in the system...
CVE-2019-25091
A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to...
Remote Code Execution (RCE)
GitPython is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the clone_from function in base.py makes external calls to git without sufficient sanitization of input arguments, allowing an attacker to inject and execute a maliciously crafted remote URL into the clone comma...
Command Injection
celery is vulnerable to Command Injection. The vulnerability exists due to lack of input sanitization which allows an attacker to inject and execute malicious commands via base.py...
PYSEC-2018-7
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
CVE-2018-6596
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...
Code injection
webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone to a timing attack vulnerability on the WEBHOOK_AUTHORIZATION secret, which allows remote attackers to post arbitrary e-mail tracking events...