4 matches found
CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
PYSEC-2024-192
An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...
Remote Code Execution (RCE)
yoast/wordpress-seo is vulnerable to remote code execution. An SEO Manager is able to execute arbitrary OS commands via a ZIP import through a race condition vulnerability in unzipfile in admin/import/class-import-settings.php...