154 matches found
CVE-2026-44717
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
Use of Weak Hash
Overview mlrun is a Tracking and config of machine learning runs Affected versions of this package are vulnerable to Use of Weak Hash in the calculatedataframehash function. An attacker can cause hash collisions between DataFrame artifact hashes. Remediation A fix was pushed into the master branc...
CVE-2026-10766
The vulnerability CVE-2026-10766 affects mlrun up to 1.12.0-rc3, specifically the function mlrun.utils.helpers.calculate_dataframe_hash in DataFrame Hash Handler. The issue arises from a manipulation that leads to the use of a weak hash. Exploitation is possible only from a local environment, wit...
CVE-2026-10766
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
CVE-2026-10766 mlrun DataFrame Hash helpers.py mlrun.utils.helpers.calculate_dataframe_hash weak hash
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
EUVD-2026-34177
A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...
Astra Linux - уязвимость в faad2
There is a stack-based buffer overflow in the third instance of the calculategain function in libfaad/sbrhfadj.c in Freeware Advanced Audio Decoder 2 FAAD2 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impacts, as the SM array is mishandled...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed an out-of-bounds shift in CalculateVMAndRowBytes REASON When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dmllog2 returns an unexpected negative value: The shift exponent...
CVE-2026-44717
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
CVE-2026-44717 MCP Calculate Server: Prompt Injection to RCE
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
CVE-2026-44717 MCP Calculate Server: Prompt Injection to RCE
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
CVE-2026-44717
The MCP Calculate Server (based on MCP and SymPy) is vulnerable prior to version 0.1.1 due to use of eval() for evaluating expressions without input sanitization, enabling remote code execution. The issue is fixed in 0.1.1. The CVSS3.1 vector indicates a network-facing, high-impact (CRITICAL) RCE...
EUVD-2026-30574
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
CVE-2026-44717
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval to evaluate mathematical expressions without proper input sanitization leads to remote code execution. This vulnerability is fixed in 0.1.1...
MCP Calculate Server 代码注入漏洞
MCP Calculate Server is a mathematical calculation service tool developed by 611711Dark, based on the MCP protocol. Versions of MCP Calculate Server prior to 0.1.1 contained a code injection vulnerability. This vulnerability arose from the use of eval to evaluate mathematical expressions without...
CVE-2026-5939
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...
CVE-2026-5939
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...
CVE-2026-5939
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...
CVE-2026-5939
CVE-2026-5939 describes a use-after-free (UAF) vulnerability in Foxit PDF Editor/Reader triggered by a crafted XFA PDF during the calculate event. The issue affects the application when processing XFA calculate logic, potentially crashing the program and enabling arbitrary code execution. The lin...
EUVD-2026-25825
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...