2488 matches found
CVE-2024-8953
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
Dynamic Variable Evaluation
Overview composio-core is a Core package to act as a bridge between composio platform and other services. Affected versions of this package are vulnerable to Dynamic Variable Evaluation through the eval function in the mathematicalcalculator endpoint. An attacker can execute arbitrary code by...
Composio Eval Injection Vulnerability
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
Denial of Service (DoS)
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Denial of Service DoS through the use of ast.literaleval to parse user input. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...
Arbitrary Command Injection
Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Arbitrary Command Injection in the calculate function, which uses the eval function without sufficient protection. An attacker can execute commands on the server by injecting...
CVE-2024-9439
SuperAGI is vulnerable to remote code execution in the latest version. The agent template update API allows attackers to control certain parameters, which are then fed to the eval function without any sanitization or checks in place. This vulnerability can lead to full system compromise...
CVE-2024-8953
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
CVE-2024-8953
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
CVE-2024-6982
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-8953 Unsafe eval usage in composiohq/composio
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
CVE-2024-8953 Unsafe eval usage in composiohq/composio
In composiohq/composio version 0.4.3, the mathematicalcalculator endpoint uses the unsafe eval function to perform mathematical operations. This can lead to arbitrary code execution if untrusted input is passed to the eval function...
CVE-2024-8953
CVE-2024-8953 affects composiohq/composio 0.4.3, where the mathematical_calculator endpoint uses the unsafe eval() function, enabling arbitrary code execution with untrusted input. Multiple connected sources confirm the issue and its impact (potential for code execution, high/severe impact). Reme...
CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-6982 Remote Code Execution in Calculate Function in parisneo/lollms
A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's eval function to evaluate mathematical expressions within a Python sandbox that disables builtins and only allows functions from the math module...
CVE-2024-6982
Parisneo/lollms v9.8 exposes a remote code execution vulnerability in the Calculate function. The flaw stems from evaluating user-supplied expressions with Python eval() inside a sandbox that disables builtins and only permits math.*. An attacker can bypass the sandbox by loading the os module vi...
LiteLLM 资源管理错误漏洞
LiteLLM is a Berri AI open source application. All LLM APIs can be called using the OpenAI format. LiteLLM has a resource management error vulnerability that stems from an insecure parsing of user input in ast.literaleval, which can be exploited by an attacker to cause a denial of service...
VulnCheck KEV: CVE-2025-24893
XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch...
Linux Distros Unpatched Vulnerability : CVE-2011-1760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e...
CVE-2020-19248
SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse templates...
CVE-2020-19248
SQL Injection vulnerability in PbootCMS 1.4.1 in parsing if statements in templates, resulting in a malicious user's ability to contaminate template content by searching for page contamination URLs, thus triggering vulnerabilities when the program uses eval statements to parse templates...