CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Veracode•added 2026/03/21 5:24 a.m.•6 views

Code Injection

SimpleEval is vulnerable to code injection. The vulnerability is due to objects leaking dangerous modules through to direct access inside the sandbox, where dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call...

9.8CVSS8.4AI score0.0046EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/18 5:29 p.m.•2 views

OPENSUSE-SU-2026:20393-1 Security update for python-simpleeval

This update for python-simpleeval fixes the following issues: Changes in python-simpleeval: - CVE-2026-32640: Objects including modules can leak dangerous modules through to direct access inside the sandbox bsc1259685...

9.8CVSS5.9AI score0.0046EPSS

SUSE CVE•added 2026/03/16 5:32 p.m.•2 views

SUSE CVE-2026-32640

SimpleEval is a library for adding evaluatable expressions into python projects. Prior to 1.0.5, objects including modules can leak dangerous modules through to direct access inside the sandbox. If the objects you've passed in as names to SimpleEval have modules or other disallowed / dangerous...

PyPA•added 2026/03/16 2:19 p.m.•9 views

Exploits0References3

PYSEC-2026-132

9.8CVSS7.3AI score0.0046EPSS

Exploits0References2Affected Software1

OSV•added 2026/03/16 2:19 p.m.•6 views

PYSEC-2026-132

9.8CVSS7.3AI score0.0046EPSS

OSV•added 2026/03/16 2:19 p.m.•3 views

DEBIAN-CVE-2026-32640

9.8CVSS8.4AI score0.0046EPSS

NVD•added 2026/03/16 2:19 p.m.•2 views

CVE-2026-32640

9.8CVSS0.0046EPSS

OSV•added 2026/03/16 2:19 p.m.•4 views

UBUNTU-CVE-2026-32640

CNNVD•added 2026/03/16 12:0 a.m.•6 views

Exploits0References4

simpleeval 安全漏洞

SimpleEval is a Python expression security evaluation library developed by Daniel. Versions of SimpleEval prior to 1.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of objects directly accessing dangerous modules within the sandbox through attributes. If...

9.8CVSS7.3AI score0.0046EPSS

Cvelist•added 2026/03/13 9:3 p.m.•29 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

8.7CVSS0.0046EPSS

Vulnrichment•added 2026/03/13 9:3 p.m.•2 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

OSV•added 2026/03/13 9:3 p.m.•1 views

CVE-2026-32640 (SimpleEval) Objects (including modules) can leak dangerous modules through to direct access inside the sandbox.

ATTACKERKB•added 2026/03/13 9:3 p.m.•1 views

Exploits0References3

CVE-2026-32640

Exploits0References2Affected Software1

CVE•added 2026/03/13 9:3 p.m.•36 views

CVE-2026-32640

CVE-2026-32640 affects the Python library SimpleEval, prior to version 1.0.5. According to the connected advisories, SimpleEval did not fully restrict module references and callback handling inside its sandbox, enabling sandbox bypass and potentially arbitrary code execution. The issue is fixed i...

Exploits0References2Affected Software1

Debian CVE•added 2026/03/13 9:3 p.m.•4 views

CVE-2026-32640

9.8CVSS8.4AI score0.0046EPSS

Exploits0

EUVD•added 2026/03/13 8:56 p.m.•2 views

EUVD-2026-12142

SimpleEval: Objects including modules can leak dangerous modules through to direct access inside the sandbox...

Github Security Blog•added 2026/03/13 8:56 p.m.•8 views

SimpleEval: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox

Impact If the objects passed in as names to SimpleEval have modules or other disallowed / dangerous objects available as attrs. Additionally, dangerous functions or modules could be accessed by passing them as callbacks to other safe functions to call. Examples found by @ByamB4: Any module where...