214 matches found

PyPA
added 2023/09/01 4:15 p.m. | 6 views

PYSEC-2023-162

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...

CVSS 9.8 | AI score 8.1 | EPSS 0.01322
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2023/09/01 4:15 p.m. | 0 views

PYSEC-2023-163

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...

CVSS 9.8 | AI score 6.2 | EPSS 0.01322
Exploits: 1 | References: 7
Vulnrichment
added 2023/09/01 12:0 a.m. | 17 views

CVE-2023-39631

An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library...

AI score 7.8 | EPSS 0.01322
Exploits: 1 | References: 2
Trend Micro Simply Security
added 2023/07/06 12:0 a.m. | 16 views

Four Must-haves to Strengthen Your Endpoint Security

To combat complexity and achieve optimal security outcomes, there are four key factors an organization should consider when evaluating their endpoint security...

AI score 7
Exploits: 0
The Hacker News
added 2023/05/29 11:47 a.m. | 3 views

A Framework for Enhanced Security: Continuous Threat Exposure Management (CTEM)

If you're a cybersecurity professional, you're likely familiar with the sea of acronyms our industry is obsessed with. From CNAPP, to CWPP, to CIEM and all of the myriad others, there seems to be a new initialism born each day. In this article, we'll look at another trending acronym – CTEM, which...

AI score 6.2
Exploits: 0
vulnersOsv
added 2023/05/11 3:30 a.m. | 2 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +144 more potentially affected by CVE-2023-30172 via mlflow (>=0.8.2 <=1.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2023-30172 Source advisory: OSV:GHSA-WC6J-5G83-XFM6...

CVSS 7.5 | AI score 7.1 | EPSS 0.00996
Exploits: 0
OSV
added 2023/03/15 8:15 p.m. | 1 views

CVE-2023-26912

Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button...

CVSS 4.8 | AI score 5.9 | EPSS 0.00443
Exploits: 1 | References: 1
NVD
added 2023/03/15 8:15 p.m. | 11 views

CVE-2023-26912

Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button...

CVSS 4.8 | AI score 5.2 | EPSS 0.00443
Exploits: 1 | References: 1
Prion
added 2023/03/15 8:15 p.m. | 15 views

Cross site scripting

Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button...

CVSS 4.3 | AI score 5.3 | EPSS 0.00443
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2023/03/15 12:0 a.m. | 3 views

xenv S-mall-ssm cross-site scripting vulnerability

S-mall-ssm Small Mall System is a mall system by the China Not So Empty xenv individual developer. A security vulnerability exists in xenv S-mall-ssm, which originated from a vulnerability that allows a local attacker to execute arbitrary code via the evaluate button...

CVSS 4.8 | AI score 5.8 | EPSS 0.00443
Exploits: 1 | References: 2
SUSE CVE
added 2023/02/15 6:9 a.m. | 3 views

SUSE CVE-2008-0413

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of t...

CVSS 9.3 | AI score 8.8 | EPSS 0.02484
Exploits: 1 | References: 4
SUSE CVE
added 2023/02/15 4:25 a.m. | 1 views

SUSE CVE-2018-14722

An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, thou...

CVSS 6.7 | AI score 7.3 | EPSS 0.03005
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:10 a.m. | 2 views

SUSE CVE-2019-13300

ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns...

CVSS 5.9 | AI score 7.4 | EPSS 0.03166
Exploits: 1 | References: 6
SUSE CVE
added 2023/02/15 3:37 a.m. | 1 views

SUSE CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

CVSS 6.6 | AI score 6.8 | EPSS 0.02117
Exploits: 0 | References: 10
SUSE CVE
added 2023/02/15 3:37 a.m. | 1 views

SUSE CVE-2021-42385

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...

CVSS 6.6 | AI score 6.8 | EPSS 0.02651
Exploits: 0 | References: 10
NVD
added 2023/01/18 9:15 p.m. | 20 views

CVE-2022-45926

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports...

CVSS 8.8 | AI score 8.6 | EPSS 0.16972
Exploits: 3 | References: 3
Positive Technologies
added 2023/01/09 12:0 a.m. | 2 views

PT-2023-27040

Name of the Vulnerable Software and Affected Versions: LangChain versions 0.0.245 through 0.0.307. Description: The issue is related to incorrect code generation control in the numexpr library of the LangChain framework, allowing a remote attacker to execute arbitrary code via the evaluate function...

CVSS 10 | AI score 8.9 | EPSS 0.01322
Exploits: 1 | References: 21
CNVD
added 2022/11/23 12:0 a.m. | 19 views

WordPress Evaluate plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 4.8 | AI score 4.8 | EPSS 0.00501
Exploits: 2 | References: 1
NVD
added 2022/11/21 11:15 a.m. | 26 views

CVE-2022-3753

The Evaluate WordPress plugin through 1.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup)...

CVSS 4.8 | EPSS 0.00501
Exploits: 2 | References: 1
CVE
added 2022/11/21 12:0 a.m. | 54 views

CVE-2022-3753

The CVE-2022-3753 entry concerns the WordPress Evaluate plugin (

CVSS 4.8 | AI score 4.8 | EPSS 0.00501
Exploits: 2 | References: 1 | Affected Software: 1