Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2026/05/05 6:57 p.m.4 views

GHSA-89G2-XW5C-V95P PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.executeactions pptagent/apis.py:126-205 processes LLM-generated slide editing actions using Python's eval: python pptagent/apis.py:184-186 partialfunc =...

8.6CVSS6AI score0.00144EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2026/04/08 7:17 p.m.24 views

PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper blockedattrs, line 143 of pythontools.py...

9.9CVSS6.6AI score0.00541EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVEadded 2025/11/19 12:11 a.m.13 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...

6.5CVSS8.7AI score0.00306EPSS
Exploits1References1
NVD
NVDadded 2025/11/18 4:15 p.m.3 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...

6.5CVSS0.00306EPSS
Exploits1References1
EUVD
EUVDadded 2025/11/18 12:0 a.m.5 views

EUVD-2025-198042

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

6.5CVSS7.8AI score0.00778EPSS
Exploits1References2
CVE
CVEadded 2025/11/18 12:0 a.m.9 views

CVE-2025-63604

CVE-2025-63604 affects baryhuang/mcp-server-aws-resources-python 0.1.0. A code-injection flaw stems from insufficient input validation in the execute_query method, exposing dangerous built-ins (import , getattr, hasattr) in the execution namespace and using exec() to run user-supplied code. Attac...

6.5CVSS8.3AI score0.00306EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder