30 matches found

Positive Technologies
added 2026/04/09 12:0 a.m. · 0 views

PT-2026-31679

A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated...

7.5 CVSS · 6.7 AI score · 0.0009 EPSS
Exploits: 1 · References: 7

OSSF Malicious Packages
added 2026/03/24 9:8 a.m. · 2 views

Malicious code in @wame/ngx-frf-utilities (npm)

Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...

5.9 AI score
Exploits: 0 · References: 1

OSV
added 2026/03/24 9:8 a.m. · 0 views

MAL-2026-2412 Malicious code in @wame/ngx-frf-utilities (npm)

Malicious package due to JS obfuscation, dynamic code execution, OS/DNS access, suspicious install script, and untrustworthy project. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bfa63e93a0b5a6ead3de9d3680bb75a023c43b59c6db80e0072b6a239cb7d5da The package...

5.8 AI score
Exploits: 0 · References: 1

OSV
added 2026/03/24 9:6 a.m. · 1 views

MAL-2026-2415 Malicious code in oc-aa-module-client (npm)

Multiple pieces of evidence suggest malicious intent: hex obfuscation, dynamic code execution, suspicious email, and install script executing index.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ff9a96329ad67bbc8f97ec7686f7f6a8f1b94bb76be3f8f48671cafde13fc...

5.8 AI score
Exploits: 0 · References: 1

OSV
added 2026/03/24 9:3 a.m. · 2 views

MAL-2026-2406 Malicious code in @ceeferenderer/fe-renderer-sdk (npm)

Multiple pieces of evidence suggest malicious intent: code obfuscation, dynamic code execution, process access, install script, and suspicious email. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector feee20bafab758bb648bbe425a100a13e6d21799552a2b5566fe6029faef6ce4 Package...

5.9 AI score
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-45960

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.0161 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-11201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor al...

8.5 CVSS · 8.1 AI score · 0.00559 EPSS
Exploits: 1 · References: 2

Vulnrichment
added 2025/08/14 9:49 a.m. · 1 views

CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

9.8 CVSS · 7.3 AI score · 0.00052 EPSS
Exploits: 0 · References: 1

CVE
added 2025/06/16 2:0 a.m. · 17 views

CVE-2025-6101

CVE-2025-6101 affects the letta-ai letta project up to version 0.4.1. The vulnerable component is the function_message logic in the file letta/letta/interface.py, where manipulation of the arguments function_name/function_args enables improper neutralization of directives in dynamically evaluated...

5.5 CVSS · 5.6 AI score · 0.00099 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 1:10 a.m. · 4 views

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

8.8 CVSS · 7.4 AI score · 0.0161 EPSS
Exploits: 1 · References: 1

Snyk
added 2025/03/20 12:32 p.m. · 2 views

Dynamic Variable Evaluation

Overview: composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Dynamic Variable Evaluation through the eval function in the mathematicalcalculator endpoint. An attacker can execute arbitrary code by...

9.8 CVSS · 7.7 AI score · 0.00268 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2024/09/24 12:0 a.m. · 2 views

PT-2024-8549

Name of the Vulnerable Software and Affected Versions: Chamilo LMS affected versions not specified Description: The issue is related to the lack of measures to neutralize instructions in dynamically executed code in the Chamilo LMS electronic learning and content management system. Exploitation of...

10 CVSS · 6.2 AI score · 0.00088 EPSS
Exploits: 1 · References: 8

Positive Technologies
added 2024/01/08 12:0 a.m. · 3 views

PT-2024-1066 · Openvpn · Openvpn Connect

Name of the Vulnerable Software and Affected Versions: OpenVPN Connect versions 3.0 through 3.4.6 Description: The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the DYLD...

7.8 CVSS · 8 AI score · 0.00112 EPSS
Exploits: 0 · References: 8

Tenable Nessus
added 2022/11/17 12:0 a.m. · 33 views

Debian dla-3192 : lava - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3192 advisory. Debian LTS Advisory DLA-3192-1 https://www.debian.org/lts/security/...

8.8 CVSS · 8.4 AI score · 0.0161 EPSS
Exploits: 1 · References: 4

Tenable Nessus
added 2022/10/23 12:0 a.m. · 21 views

Debian DSA-5260-1 : lava - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5260 advisory. - In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an...

8.8 CVSS · 8.5 AI score · 0.0161 EPSS
Exploits: 1 · References: 6

NVD
added 2022/10/13 3:15 a.m. · 16 views

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

8.8 CVSS · 0.0161 EPSS
Exploits: 1 · References: 4

Prion
added 2022/10/13 3:15 a.m. · 20 views

Input validation

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

6.5 CVSS · 8.8 AI score · 0.0161 EPSS
Exploits: 1 · References: 4 · Affected Software: 2

CVE
added 2022/10/13 12:0 a.m. · 62 views

CVE-2022-42902

CVE-2022-42902 affects Linaro Automated Validation Architecture (LAVA); in versions prior to 2022.10, lava_server/lavatable.py allows remote code execution due to improper input sanitization, enabling an anonymous user to cause lava-server-gunicorn to run user-provided code. Debian advisories (DL...

8.8 CVSS · 8.7 AI score · 0.0161 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2022/10/13 12:0 a.m. · 2 views

PT-2022-26653 · Linaro · Lava

Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture LAVA versions prior to 2022.10 Description: The issue is related to dynamic code execution in lava_server/lavatable.py due to improper input sanitization. This allows an anonymous user to force the...

8.8 CVSS · 8.7 AI score · 0.0161 EPSS
Exploits: 1 · References: 17

ThreatPost
added 2022/05/10 12:24 a.m. · 24 views

Low-rent RAT Worries Researchers

For about the price of a cup of Starbucks latte, a hacker is renting out a remote access trojan designed to backdoor targeted networks. Dubbed as Dark Crystal RAT or DCRat, the malware is being peddled online to hackers in Russian by a lone rookie malware writer with a penchant for cut-rate...

7.7 AI score
Exploits: 0 · References: 1