CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

EUVD-2026-27061

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when...

CVE-2026-42086

OpenC3 COSMOS is affected by a Self-XSS in the Command Sender UI prior to version 7.0.0, caused by an unsafe eval() on array-like command parameters. A user-supplied payload could execute in the victim’s browser when sending a command, potentially allowing an attacker to read or modify data in th...

CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

CVE-2026-42079

PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...

CVE-2026-42079

PPTAgent (the PPTAgent framework) is affected by CVE-2026-42079 due to an arbitrary code execution flaw: Python eval() executes LLM-generated code with builtins in scope. This vulnerability existed prior to commit 418491a and has been patched in that commit. The issue is triggered locally (attack...

PPTAgent 安全漏洞

PPTAgent is an open-source intelligent presentation generation tool based on large models developed by ICIP-CAS. Previous versions of PPTAgent 418491a contained security vulnerabilities. These vulnerabilities stemmed from issues with the Python eval function when executing code generated by LLM,...

OpenC3 COSMOS 跨站脚本漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. Versions of OpenC3 COSMOS prior to version 7.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the unsafe eval function by the Command Sender UI when handling array-type command parameter...

Astra Linux – Vulnerability in pillow

In Pillow’s PIL.ImageMath.eval before version 9.0.0, it was possible to evaluate arbitrary expressions, including those that used the Python exec method. A lambda expression could also be used...

Astra Linux – Vulnerability in pillow

Pillow through 10.1.0 allows for arbitrary code execution via the environment parameter. This is a different vulnerability than CVE-2022-22817, which involved the expression parameter...

Astra Linux – Vulnerability in libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first gain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw resides within...

CVE-2026-7700

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

CVE-2026-7700

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

EUVD-2026-26838

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

CVE-2026-7700 langflow-ai langflow LambdaFilterComponent lambda_filter.p eval code injection

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

CVE-2026-7700

Langflow-ai Langflow up to v1.8.4 is affected by a code injection in the LambdaFilterComponent’s eval function (src/lfx/src/lfx/components/llm_operations/lambda_filter.p). The underlying issue is unsafe evaluation of input, enabling remote exploitation. The CVE indicates the attack can be perform...

Langflow 注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Versions of Langflow 1.8.4 and earlier have a injection vulnerability, which stems from the function eval in the lambdafilter.p file within the component LambdaFilterComponent...