Lucene search
K

71 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-319 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

9.8CVSS6.6AI score0.0045EPSS
Exploits2References7
Cvelist
Cvelist
added 2026/06/23 6:17 p.m.54 views

CVE-2026-53753 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT...

9.8CVSS0.0045EPSS
Exploits2References1
CVE
CVE
added 2026/06/23 6:17 p.m.73 views

CVE-2026-53753

CVE-2026-53753 affects Crawl4AI before version 0.8.7. The _safe_eval_expression() AST validator only blocks underscore-prefixed attributes, allowing access to generator/frame attributes (gi_frame, f_back, f_builtins) and enabling sandbox escape to achieve arbitrary code execution. The attack is u...

10CVSS6.2AI score0.0045EPSS
Exploits2References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.10 views

CVE-2025-67486

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is pass...

8.6CVSS6.7AI score0.00881EPSS
Exploits1References1
NVD
NVD
added 2026/05/08 3:16 p.m.10 views

CVE-2025-67486

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is pass...

8.6CVSS0.00881EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.13 views

CVE-2025-67486

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is pass...

8.6CVSS6.7AI score0.00881EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/08 2:21 p.m.7 views

EUVD-2025-209752

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is pass...

8.6CVSS6.7AI score0.00881EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/22 11:25 a.m.7 views

CVE-2026-40892

A flaw was found in PJSIP, a multimedia communication library. This vulnerability, a stack buffer overflow, occurs in the pjsipauthcreatedigest2 function when processing pre-computed digest credentials. A remote attacker could exploit this by providing specially crafted credential data, leading t...

9.8CVSS6.6AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2026/04/21 9:16 p.m.4 views

DEBIAN-CVE-2026-40892

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsipauthcreatedigest2 in PJSIP when using pre-computed digest credentials PJSIPCREDDATADIGEST. The function copies credential data using credinfo-data.slen as the...

9.8CVSS5.6AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 9:16 p.m.8 views

ALPINE-CVE-2026-40892

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsipauthcreatedigest2 in PJSIP when using pre-computed digest credentials PJSIPCREDDATADIGEST. The function copies credential data using credinfo-data.slen as the...

9.8CVSS5.7AI score0.00419EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 7:55 p.m.6 views

EUVD-2026-24469

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsipauthcreatedigest2 in PJSIP when using pre-computed digest credentials PJSIPCREDDATADIGEST. The function copies credential data using credinfo-data.slen as the...

9.3CVSS6AI score0.00419EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 7:56 p.m.6 views

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the runmethod function. An attacker can execute arbitrary JavaScript in the victim's browser by supplying crafted input as a method...

6.1CVSS5.9AI score0.00163EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/22 6:6 p.m.8 views

SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions

Unprivileged users for example, those with the database editor role can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who...

6AI score
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/11/25 12:30 a.m.11 views

CVE-2025-65951 Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

8.7CVSS0.00107EPSS
Exploits0References2
Veracode
Veracode
added 2025/11/20 11:5 a.m.6 views

Remote Code Execution (RCE)

Dolibarr is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of the computed field parameter in the User module configuration, which allows an attacker to inject malicious input and execute arbitrary code...

8.8CVSS7.6AI score0.00469EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-28985

Malicious code in bioql PyPI...

7.7CVSS7.6AI score0.00724EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-28984

Malicious code in bioql PyPI...

6.6CVSS5.4AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-32047

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00469EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/02 12:17 a.m.5 views

CVE-2025-56588

Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...

8.8CVSS8.5AI score0.00469EPSS
Exploits0References1
OSV
OSV
added 2025/10/01 9:31 p.m.3 views

GHSA-27HJ-48R9-X2VX Dolibarr vulnerable to RCE via the computed field parameter

Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution RCE vulnerability in the User module configuration via the computed field parameter...

8.8CVSS8.5AI score0.00469EPSS
Exploits0References5
Rows per page
Query Builder