14 matches found
CVE-2026-31236
CVE-2026-31236 affects the llm CLI tool up to version 0.27.1. The vulnerability arises from the --functions argument, which accepts user-provided Python definitions and executes them with an unsafe exec() call, without sanitization or sandboxing, enabling arbitrary code execution on a victim’s sys...
CVE-2026-31236
The llm CLI tool through 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...
EUVD-2024-33156
Malicious code in bioql PyPI...
EUVD-2023-0447
Malicious code in bioql PyPI...
EUVD-2025-15428
Malicious code in bioql PyPI...
EUVD-2025-16232
Malicious code in bioql PyPI...
EUVD-2024-49660
Malicious code in bioql PyPI...
CVE-2025-5151
A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function executeanalysiscodesafely of the file introspect/backend/tools/analysistools.py. The manipulation of the argument code leads to code injection. It is possible to launch the attack o...
CVE-2025-4767
A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function testcustomtool of the file introspect/backend/integrationroutes.py of the component Test Endpoint. The manipulation of the argument inputmodel leads to code injectio...
CVE-2025-4218 handrew browserpilot gpt_selenium_agent.py GPTSeleniumAgent code injection
A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the argument instructions leads to code injection...
CVE-2024-1117
A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The...
CVE-2024-10073 flairNLP flair Mode File Loader clustering.py ClusteringModel code injection
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...
PT-2024-39282 · Composiohq · Composio
Name of the Vulnerable Software and Affected Versions: composiohq composio versions up to 0.5.6 Description: A critical vulnerability has been found in composiohq composio, affecting the Calculator function of the file python/composio/tools/local/mathematical/actions/calculator.py. This issue lea...
PHP Code Injection
phpWhois PHP Code Injection. Vulnerability Overview: phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to...