Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/05/16 3:26 p.m.42 views

CVE-2021-47952 python jsonpickle 2.0.0 Remote Code Execution via py/repr

python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during...

9.8CVSS0.00696EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 9:35 p.m.2 views

CVE-2026-40032

UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the runcommand function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...

8.5CVSS6.2AI score0.00726EPSS
Exploits0References8
OSV
OSV
added 2024/11/05 12:31 a.m.4 views

GHSA-6P55-QR3J-MPGQ AgentScope uses `eval`

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...

9.8CVSS5.9AI score0.00788EPSS
Exploits1References5
OSV
OSV
added 2024/11/04 11:15 p.m.12 views

PYSEC-2024-262

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...

9.8CVSS5.8AI score0.00788EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.33 views

CVE-2024-48050

In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...

0.00788EPSS
Exploits1References2
OSV
OSV
added 2021/08/09 9:15 p.m.7 views

PYSEC-2021-119

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

9.3CVSS7.6AI score0.0249EPSS
Exploits0References3
Rows per page
Query Builder