Lucene search
+L

159 matches found

Snyk
Snyk
added 2026/05/08 4:22 p.m.12 views

Improper Isolation or Compartmentalization

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the setupSandboxScript bootstrap in lib/vm.js and lib/setup-sandbox.js. An attacke...

6.9CVSS5.9AI score0.00248EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/05 6:57 p.m.16 views

EUVD-2026-27015

PPTAgent: Arbitrary Code Execution via Python eval of LLM-Generated Code with Builtins in Scope...

8.6CVSS5.8AI score0.00144EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/05 6:57 p.m.8 views

PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.executeactions pptagent/apis.py:126-205 processes LLM-generated slide editing actions using Python's eval: python pptagent/apis.py:184-186 partialfunc =...

8.6CVSS6AI score0.00144EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/05 6:57 p.m.5 views

GHSA-89G2-XW5C-V95P PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

Summary This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00. CodeExecutor.executeactions pptagent/apis.py:126-205 processes LLM-generated slide editing actions using Python's eval: python pptagent/apis.py:184-186 partialfunc =...

8.6CVSS6AI score0.00144EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/05 2:20 a.m.8 views

CVE-2026-7687

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

6.5CVSS6.3AI score0.01666EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 5:16 p.m.12 views

CVE-2026-42079

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS0.00144EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 4:57 p.m.7 views

CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS6.3AI score0.00144EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:57 p.m.5 views

CVE-2026-42079

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS6.3AI score0.00144EPSS
Exploits0References3
CVE
CVE
added 2026/05/04 4:57 p.m.15 views

CVE-2026-42079

PPTAgent (the PPTAgent framework) is affected by CVE-2026-42079 due to an arbitrary code execution flaw: Python eval() executes LLM-generated code with builtins in scope. This vulnerability existed prior to commit 418491a and has been patched in that commit. The issue is triggered locally (attack...

8.6CVSS6.3AI score0.00144EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 4:57 p.m.3 views

CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS6.5AI score0.00144EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/04 4:57 p.m.31 views

CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

8.6CVSS0.00144EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36857

Name of the Vulnerable Software and Affected Versions PPTAgent versions prior to commit 418491a Description An agentic framework for reflective PowerPoint generation allows arbitrary code execution. This occurs because the software uses the Python eval function to process code generated by a Larg...

8.6CVSS6.1AI score0.00144EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/05/03 8:45 a.m.5 views

CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

6.5CVSS6.3AI score0.01666EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 8:45 a.m.27 views

CVE-2026-7687

LangFlow (langflow) up to version 1.8.4 is affected by a command-injection vulnerability in CodeParser.parse_callable_details (file src/lfx/src/lfx/custom/code_parser/code_parser.py, component Full Builtins Module Handler). The issue can be triggered remotely and an exploit has been publicly disc...

6.5CVSS6.3AI score0.01666EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 8:45 a.m.114 views

CVE-2026-7687 langflow-ai langflow Full Builtins code_parser.py CodeParser.parse_callable_details command injection

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parsecallabledetails of the file src/lfx/src/lfx/custom/codeparser/codeparser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command...

6.5CVSS0.01666EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.11 views

Langflow 注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.4 and earlier have a injection vulnerability, which stems from a function in the component Full Builtins Module Handler: CodeParser.parsecallabledetails...

6.5CVSS6.6AI score0.01666EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 1:9 a.m.11 views

GHSA-VP22-38M5-R39R PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...

6.9CVSS6.6AI score0.00185EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/04/13 9:50 p.m.7 views

CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

6.2CVSS5.6AI score0.00234EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/04/13 9:50 p.m.5 views

CVE-2026-33947

jq is a command-line JSON processor. In versions 1.8.1 and below, functions jvsetpath, jvgetpath, and delpathssorted in jq's src/jvaux.c use unbounded recursion whose depth is controlled by the length of a caller-supplied path array, with no depth limit enforced. An attacker can supply a JSON...

6.2CVSS5.8AI score0.00234EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/10 1:22 a.m.4 views

CVE-2026-39888

PraisonAI is a multi-agent teams system. Prior to 1.5.115, executecode in praisonaiagents.tools.pythontools defaults to sandboxmode="sandbox", which runs user code in a subprocess wrapped with a restricted builtins dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess...

9.9CVSS6AI score0.00541EPSS
Exploits0References1
Rows per page
Query Builder