24 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the FindContainer function. An attacker can gain unauthorized interactive shell access to containers outside their permitted label scope by directly targeting container IDs through th...
CVE-2011-10028
The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...
PT-2025-34109 · Undefined · Undefined
The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
PYSEC-2023-194
langchainexperimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method...
langchain Code Injection vulnerability
An issue in Harrison Chase langchain allows an attacker to execute arbitrary code via the PALChain,frommathpromptllm.run in the python exec method...
langchain vulnerable to arbitrary code execution
An issue in langchain allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
Security feature bypass
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
PYSEC-2023-109
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
PT-2023-25472 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: langchain version 0.0.64 Description: The issue allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. This enables the attacker to run malicious code, potentially leading to system compromise...
CVE-2023-36188
CVE-2023-36188 affects LangChain v0.0.64, enabling remote code execution via the PALChain parameter in Python exec. The issue stems from deserialization/execution pathways that process untrusted data and can lead to arbitrary code execution. Affected product: LangChain core library (v0.0.64); imp...
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
CVE-2023-36188
An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method...
PT-2023-25499 · Langchain · Langchain
Name of the Vulnerable Software and Affected Versions: LangChain versions prior to 0.0.236 Description: The issue allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. This is possible via the PALChain in the python exec method. Recommendation...
LangChain vulnerable to code injection
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
CVE-2023-29374
In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...
CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...
CVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...