163 matches found
CVE-2026-14749
The CVE-2026-14749 entry concerns mjperpinosa stumasy up to commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Vulnerability: the eval call in file application/pages/imba_calculator/calculate.php is affected; manipulating the argument mathematical_sentence enables code injection. Impact is remote, ...
CVE-2026-14749
A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imbacalculator/calculate.php. The manipulation of the argument mathematicalsentence leads to code injection. The attack is possible to ...
MAL-2026-6274 Malicious code in web3-token-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890 The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...
CVE-2026-44717
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
Use of Weak Hash
Overview mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to Use of Weak Hash in the calculatedataframehash function. An attacker can cause hash collisions between DataFrame artifact hashes. Remediation A fix was pushed into the master branc...
CVE-2026-10766
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
CVE-2026-10766
The vulnerability CVE-2026-10766 affects mlrun up to 1.12.0-rc3, specifically the function mlrun.utils.helpers.calculate_dataframe_hash in DataFrame Hash Handler. The issue arises from a manipulation that leads to the use of a weak hash. Exploitation is possible only from a local environment, wit...
CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
EUVD-2026-34177
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
MLRun 安全漏洞
MLRun is an AI orchestration platform developed by MLRun OpenSource. Versions of MLRun 1.12.0-rc3 and earlier contain security vulnerabilities. These vulnerabilities stem from a function in the DataFrame Hash Handler component located in the file mlrun/utils/helpers.py, specifically the...
Missing Authentication for Critical Function
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed an out-of-bounds shift in CalculateVMAndRowBytes. REASON When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dmllog2 returns an unexpected negative value: The shift exponent...
Astra Linux – Vulnerability in faad2
There is a stack-based buffer overflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impacts, as the SM array is mishandled...
CVE-2026-44717
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
CVE-2026-44717
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
CVE-2026-44717 MCP Calculate Server: Prompt Injection to RCE
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
EUVD-2026-30574
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
CVE-2026-44717
The MCP Calculate Server (based on MCP and SymPy) is vulnerable prior to version 0.1.1 due to use of eval() for evaluating expressions without input sanitization, enabling remote code execution. The issue is fixed in 0.1.1. The CVSS3.1 vector indicates a network-facing, high-impact (CRITICAL) RCE...
CVE-2026-44717 MCP Calculate Server: Prompt Injection to RCE
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...