Lucene search
K

25 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42900

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolvepydanticclass src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string outputpydantic reference, the framework locates and imports...

8.5CVSS6.3AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 5 days ago6 views

CVE-2026-61437

CVE-2026-61437 : PraisonAI (pip package praisonaiagents) prior to 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolve_pydantic_class. When a workflow step uses a string output_pydantic reference, the framework imports a sibling tools.py from the workflow directory ...

8.5CVSS6.3AI score0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-61437 PraisonAI before 1.6.78 Remote Code Execution via tools.py

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolvepydanticclass src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string outputpydantic reference, the framework locates and imports...

8.5CVSS0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 7:28 p.m.166 views

CVE-2026-5843

The CVE describes a vulnerability in Docker Model Runner (macOS) where the MLX-LM backend unconditionally imports and executes arbitrary Python files specified by model_file in a model's config.json via importlib, without a trust_remote_code gate or sandboxing. This enables container-to-host arbi...

8.8CVSS6.4AI score0.00224EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/16 1:9 a.m.11 views

GHSA-VP22-38M5-R39R PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...

6.9CVSS6.6AI score0.00185EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/16 1:9 a.m.9 views

PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code

Summary The plugin security validator in PySpector uses AST-based static analysis to prevent dangerous code from being loaded as plugins. The blocklist implemented in PluginSecurity.validateplugincode is incomplete and can be bypassed using several Python constructs that are not checked. An...

7.8CVSS6.6AI score0.00185EPSS
Exploits1References5Affected Software1
GithubExploit
GithubExploit
added 2026/02/13 1:56 p.m.272 views

Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart

CVE-2024-48990 — needrestart Local Privilege Escalation Local...

7.8CVSS5.9AI score0.19924EPSS
Exploits15
EUVD
EUVD
added 2026/02/02 10:36 a.m.4 views

EUVD-2024-27309

A Local File Inclusion LFI vulnerability exists in the '/reinstallextension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstallextension" route. This vulnerability allows attackers to inject a malicious name parameter, leading ...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.8 views

PT-2026-5649

A Local File Inclusion LFI vulnerability exists in the '/reinstall extension' endpoint of the parisneo/lollms-webui application, specifically within the name parameter of the @router.post"/reinstall extension" route. This vulnerability allows attackers to inject a malicious name parameter, leadin...

9.6CVSS5.9AI score0.00769EPSS
Exploits0References3
OSV
OSV
added 2026/01/09 9:12 p.m.3 views

GHSA-Q5QQ-MVFM-J35X Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling's assessment ctypes, importlib, runpy, code and multiprocessing were added the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...

9.3CVSS6.2AI score0.00554EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2026/01/09 9:12 p.m.10 views

Fickling has Static Analysis Bypass via Incomplete Dangerous Module Blocklist

Fickling's assessment ctypes, importlib, runpy, code and multiprocessing were added the list of unsafe imports https://github.com/trailofbits/fickling/commit/9a2b3f89bd0598b528d62c10a64c1986fcb09f66, https://github.com/trailofbits/fickling/commit/eb299b453342f1931c787bcb3bc33f3a03a173f9,...

9.3CVSS8.7AI score0.00554EPSS
Exploits1References11Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-32166

Malicious code in bioql PyPI...

6.6AI score
Exploits0References1
OSV
OSV
added 2025/10/02 2:28 p.m.4 views

MAL-2025-47886 Malicious code in importlib-resources (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a22bec72f60bb7cc973586a56fe04d0278d14854c10f0e3ed7b88dc7dc556a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/10/02 2:28 p.m.1 views

Malicious Package

Overview importlib-metadata is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/10/02 2:28 p.m.5 views

Malicious code in importlib-resources (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1a22bec72f60bb7cc973586a56fe04d0278d14854c10f0e3ed7b88dc7dc556a9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Snyk
Snyk
added 2025/10/02 2:28 p.m.4 views

Malicious Package

Overview importlib-resources is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score
Exploits0References2
GithubExploit
GithubExploit
added 2024/11/20 6:41 p.m.374 views

Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart

PoC for CVE-2024-48990 in needrestart educational purpose...

7.8CVSS7.9AI score0.19924EPSS
Exploits15
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/11/06 6:46 p.m.4 views

Malicious code in importlib-resource (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0fd6066b0541bd12a7a24cd00cf0cebdc0d82832ae6ead0c90db2589bf50e152 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

7.1AI score
Exploits0References1
OSV
OSV
added 2024/11/06 6:46 p.m.4 views

MAL-2024-10737 Malicious code in importlib-resource (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0fd6066b0541bd12a7a24cd00cf0cebdc0d82832ae6ead0c90db2589bf50e152 A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 12:46 p.m.4 views

Malicious code in importlib-metadata (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35c1ba96ae1a4f623e6b2c175b5745b1a1eaa0c1c04c6022a3eb07c135d2dcdb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
Rows per page
Query Builder