Lucene search
+L

17 matches found

OSV
OSV
added 2026/07/07 4:2 p.m.6 views

PYSEC-2026-1926 Skops may allow MethodNode to access unexpected object fields through dot notation, leading to arbitrary code execution at load time

Summary An inconsistency in MethodNode can be exploited to access unexpected object fields through dot notation. This can be used to achieve arbitrary code execution at load time. While this issue may seem similar to https://github.com/skops-dev/skops/security/advisories/GHSA-m7f4-hrc6-fwg3, it i...

8.7CVSS6.6AI score0.00138EPSS
Exploits0References10
OSV
OSV
added 2026/07/06 8:42 p.m.11 views

GHSA-Q9P7-WQXG-MRHC Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent

Advisory Details Title: Sandbox Escape to Remote Code Execution via Incomplete eval Mitigation in TableChatAgent Description: Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents...

10CVSS6.3AI score0.00912EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/29 11:50 a.m.7 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command execution...

9.9CVSS6.6AI score0.0012EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2026/06/29 11:50 a.m.6 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summaryexecutecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command execution...

9.9CVSS6.6AI score0.0012EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/25 5:29 a.m.5 views

MAL-2026-6440 Malicious code in tokenization-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 81f8a194aa79844110dede95f5f8c798d05c04c08f1a4f5d8822124b17c65fa6 The package advertises plain math/formatter helpers but index.js contains a heavily obfuscated payload concealed inside the calculateTokenPrice...

6.1AI score
Exploits0References4
Snyk
Snyk
added 2026/05/29 10:30 p.m.8 views

Protection Mechanism Failure

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Protection Mechanism Failure in the executecode function. An attacker can achieve arbitrary command execution on the host system by leveragi...

9.9CVSS5.9AI score0.0012EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/29 10:30 p.m.8 views

Protection Mechanism Failure

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.9CVSS5.9AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 10:30 p.m.15 views

GHSA-4MR5-G6F9-CFRH PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

9.9CVSS6.3AI score0.0012EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 10:30 p.m.30 views

PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

6.3AI score0.0012EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/07 3:48 p.m.9 views

Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Summary The attributefilter in the Lupa library is intended to restrict access to sensitive Python attributes when exposing objects to Lua. However, the filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to...

10CVSS6.5AI score0.00613EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2026/03/05 5:35 a.m.202 views

Exploit for Code Injection in Agentfront Enclave

RCE in ESM Environments — The require Problem When achievi...

10CVSS6.1AI score0.00588EPSS
Exploits4
OSV
OSV
added 2026/02/02 8:42 p.m.5 views

GHSA-X34R-63HX-W57F Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...

9.4CVSS6.1AI score0.00648EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/02/02 8:42 p.m.14 views

Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...

9.8CVSS6.1AI score0.00741EPSS
Exploits2References7Affected Software1
CERT
CERT
added 2026/01/20 12:0 a.m.10 views

Server-Side Template Injection (SSTI) vulnerability exist in Genshi

Overview A Server-Side Template Injection SSTI vulnerability exists in the Genshi template engine due to unsafe evaluation of template expressions. Genshi processes template expressions using Python’s 'eval’ and ‘exec’ functions while allowing fallback access to Python built-in objects. If an...

9.8CVSS6.7AI score0.00726EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/21 10:35 p.m.11 views

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

6.5CVSS8.3AI score0.0087EPSS
Exploits1References1
CVE
CVE
added 2025/11/18 12:0 a.m.16 views

CVE-2025-63603

MCP Data Science Server 0.1.6 (reading-plus-ai/mcp-server-data-exploration) contains a command injection in safe_eval() (src/mcp_server_ds/server.py:108) where exec() runs user scripts without restricting builtins in globals. This allows execution of arbitrary Python code with full system privile...

6.5CVSS8AI score0.0087EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2025/02/01 6:45 a.m.4 views

Arbitrary Code Execution

Overview smolagents is a 🤗 smolagents: a barebones library for agents. Agents write python code to call tools or orchestrate other agents. Affected versions of this package are vulnerable to Arbitrary Code Execution due to allowing access to Python builtins in localpythonexecutor.py, and only...

8.6CVSS7.5AI score
Exploits0References3
Rows per page
Query Builder