Lucene search

2487 matches found

vulnersOsv
added 2025/09/17 10:41 p.m. · 2 views

antgrid-server (>=0.0.2 <=0.0.3), kani-tts (=0.0.1) +3 more potentially affected by CVE-2025-23336 via nvidia-pytriton (=0.7.0)

nvidia-pytriton PYPI version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on nvidia-pytriton and may be impacted: - antgrid-server =0.0.2, =0.1.0, =0.1.0rc1, =0.1.0, =0.4.0 Source cves: CVE-2025-23336 Source advisory:...

CVSS 7.5 · AI score 5.8 · EPSS 0.00322
Exploits: 0
Gitee
added 2025/09/14 2:0 a.m. · 84 views

disable_eval

This is a Ruby gem called "disable_eval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution (RCE) attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...

AI score 8.1
Exploits: 0
RedhatCVE
added 2025/09/13 7:25 a.m. · 11 views

CVE-2025-8417

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...

CVSS 8.1 · AI score 7.3 · EPSS 0.00654
Exploits: 0 · References: 1
NVD
added 2025/09/11 8:15 a.m. · 2 views

CVE-2025-8417

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...

CVSS 8.1 · EPSS 0.00654
Exploits: 0 · References: 6
CVE
added 2025/09/11 7:24 a.m. · 22 views

CVE-2025-8417

CVE-2025-8417 affects the WordPress plugin Catalog Importer, Scraper & Crawler (versions

CVSS 8.1 · AI score 6.9 · EPSS 0.00654
Exploits: 0 · References: 6
Vulnrichment
added 2025/09/11 7:24 a.m. · 1 views

CVE-2025-8417 Catalog Importer, Scraper & Crawler <= 5.1.4 - Unauthenticated PHP Code Injection

The Catalog Importer, Scraper & Crawler plugin for WordPress is vulnerable to PHP code injection in all versions up to, and including, 5.1.4. This is due to reliance on a guessable numeric token e.g. ?key= 900001705 without proper authentication, combined with the unsafe use of eval on...

CVSS 8.1 · AI score 6.9 · EPSS 0.00654
Exploits: 0 · References: 6
CNNVD
added 2025/09/11 12:0 a.m. · 2 views

WordPress plugin Catalog Importer Scraper Crawler code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...

CVSS 8.1 · AI score 7.3 · EPSS 0.00654
Exploits: 0 · References: 6
Positive Technologies
added 2025/09/11 12:0 a.m. · 2 views

PT-2025-37127

Name of the Vulnerable Software and Affected Versions: Catalog Importer, Scraper & Crawler plugin for WordPress versions through 5.1.4 Description: The Catalog Importer, Scraper & Crawler plugin for WordPress is susceptible to PHP code injection due to reliance on a guessable numeric token e.g.,...

CVSS 8.1 · AI score 7.5 · EPSS 0.00654
Exploits: 0 · References: 8
GithubExploit
added 2025/09/10 8:46 p.m. · 272 views

vulnerable-python-poc-exploit

Vulnerability analysis report for the Python application vulnerable...

AI score 7.7
Exploits: 0
Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-40871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr ERP & CRM =15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully...

CVSS 9.8 · AI score 8.4 · EPSS 0.33371
Exploits: 1 · References: 2
Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-12964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator in eval.cpp. It will lead to a remote denial of servi...

CVSS 7.8 · AI score 7.3 · EPSS 0.01836
Exploits: 0 · References: 2
Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-12963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to...

CVSS 7.5 · AI score 7.2 · EPSS 0.01225
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-42845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code...

CVSS 8 · AI score 7.6 · EPSS 0.02655
Exploits: 5 · References: 3
Tenable Nessus
added 2025/08/30 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-11555

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.01201
Exploits: 1 · References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-15591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fexsrv in FEX aka Frams' Fast File EXchange before fex-201609192 allows eval injection for unauthenticated remote code execution. CVE-2020-15591 Note that Nessu...

CVSS 9.8 · AI score 8.6 · EPSS 0.03803
Exploits: 1 · References: 2
CNVD
added 2025/08/25 12:0 a.m. · 3 views

TOTOLINK A3002R eval function command injection vulnerability

The TOTOLINK A3002R is a wireless router manufactured by China's Gion Electronics TOTOLINK, whose main function is to provide wireless network connectivity for home or small office environments. TOTOLINK A3002R suffers from a command injection vulnerability that stems from the presence of command...

CVSS 6.5 · AI score 7.7 · EPSS 0.00235
Exploits: 1 · References: 1
Github Security Blog
added 2025/08/21 8:11 p.m. · 6 views

Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs

Dear Maintainers, I am writing to you on behalf of the Tencent AI Sec. We have identified a potential vulnerability in one of your products and would like to report it to you for further investigation and mitigation. Summary The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of...

CVSS 8.7 · AI score 7.1 · EPSS 0.003
Exploits: 0 · References: 3 · Affected Software: 1
Github Security Blog
added 2025/08/21 2:46 p.m. · 17 views

vLLM has remote code execution vulnerability in the tool call parser for Qwen3-Coder

Summary An unsafe deserialization vulnerability allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. Details vLLM's Qwen3 Coder tool parser contains a code execution path that uses Python's eval...

AI score 8.4 · EPSS 0.04016
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2025/08/21 12:0 a.m. · 9 views

PT-2025-34260 · Unknown +1 · Qwen3 Coder +1

Name of the Vulnerable Software and Affected Versions: vLLM affected versions not specified Description: An unsafe deserialization allows any authenticated user to execute arbitrary code on the server if they are able to get the model to pass the code as an argument to a tool call. The issue...

CVSS 8.8 · AI score 7.1 · EPSS 0.04016
Exploits: 0 · References: 7
Trellix
added 2025/08/21 12:0 a.m. · 8 views

The Silent, Fileless Threat of VShell

The Silent, Fileless Threat of VShell By Sagar Bade · August 21, 2025 Introduction Linux environments are often seen as bastions of security, favored by developers, sysadmins, and security professionals for their stability, transparency, and resistance to malware. Compared to Windows, the attack...

AI score 6.5
Exploits: 0