Lucene search
+L

163 matches found

CVE
CVE
added 2026/07/05 12:45 p.m.18 views

CVE-2026-14749

The CVE-2026-14749 entry concerns mjperpinosa stumasy up to commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Vulnerability: the eval call in file application/pages/imba_calculator/calculate.php is affected; manipulating the argument mathematical_sentence enables code injection. Impact is remote, ...

7.5CVSS6.8AI score0.00322EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 12:45 p.m.8 views

CVE-2026-14749

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...

7.5CVSS6.8AI score0.00322EPSS
Exploits0References6
OSV
OSV
added 2026/06/22 10:38 p.m.11 views

MAL-2026-6274 Malicious code in web3-token-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

5.8AI score
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-44717

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS5.9AI score0.00478EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 10:23 p.m.12 views

Use of Weak Hash

Overview mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to Use of Weak Hash in the calculatedataframehash function. An attacker can cause hash collisions between DataFrame artifact hashes. Remediation A fix was pushed into the master branc...

3.6CVSS5.5AI score0.00075EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 8:0 p.m.18 views

CVE-2026-10766

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References7
CVE
CVE
added 2026/06/03 8:0 p.m.27 views

CVE-2026-10766

The vulnerability CVE-2026-10766 affects mlrun up to 1.12.0-rc3, specifically the function mlrun.utils.helpers.calculate_dataframe_hash in DataFrame Hash Handler. The issue arises from a manipulation that leads to the use of a weak hash. Exploitation is possible only from a local environment, wit...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/03 8:0 p.m.10 views

CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/03 8:0 p.m.13 views

EUVD-2026-34177

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

3.6CVSS4.7AI score0.00075EPSS
Exploits0References7
OSV
OSV
added 2026/06/03 8:0 p.m.3 views

CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

2CVSS4.5AI score0.00075EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.13 views

MLRun 安全漏洞

MLRun is an AI orchestration platform developed by MLRun OpenSource. Versions of MLRun 1.12.0-rc3 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the DataFrame Hash Handler component located in the file mlrun/utils/helpers.py, specifically the...

3.6CVSS4.8AI score0.00075EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/29 10:31 p.m.6 views

Missing Authentication for Critical Function

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.8CVSS6.1AI score0.00084EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed an out-of-bounds shift in CalculateVMAndRowBytes. REASON When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dmllog2 returns an unexpected negative value: The shift exponent...

7.8CVSS6.2AI score0.00174EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in faad2

There is a stack-based buffer overflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impacts, as the SM array is mishandled...

7.8CVSS7.9AI score0.01281EPSS
Exploits1References2
NVD
NVD
added 2026/05/15 5:16 p.m.16 views

CVE-2026-44717

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS0.00478EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:58 p.m.5 views

CVE-2026-44717

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS6.2AI score0.00478EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/15 4:58 p.m.45 views

CVE-2026-44717 MCP Calculate Server: Prompt Injection to RCE

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS0.00478EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 4:58 p.m.11 views

EUVD-2026-30574

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS6.2AI score0.00478EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 4:58 p.m.29 views

CVE-2026-44717

The MCP Calculate Server (based on MCP and SymPy) is vulnerable prior to version 0.1.1 due to use of eval() for evaluating expressions without input sanitization, enabling remote code execution. The issue is fixed in 0.1.1. The CVSS3.1 vector indicates a network-facing, high-impact (CRITICAL) RCE...

9.8CVSS6.2AI score0.00478EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 4:58 p.m.10 views

CVE-2026-44717 MCP Calculate Server: Prompt Injection to RCE

MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...

9.8CVSS6.2AI score0.00478EPSS
Exploits0References1
Rows per page
Query Builder