CVE-2026-42079 PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a...
An Empirical Security Evaluation of LLM-Generated Cryptographic Rust Code
Developers and organizations are using Large Language Models (LLMs) to generate security-critical code more frequently than ever, including cryptographic solutions for their products. This study presents an empirical evaluation of cryptographic security in 240 Rust code samples for two crypto...
Watermarking LLM-Generated Datasets in Downstream Tasks
Large Language Models (LLMs) have experienced rapid advancements, with applications spanning a wide range of fields, including sentiment classification, review generation, and question answering. Due to their efficiency and versatility, researchers and companies increasingly employ LLM-generated da...
Malicious code in omigo-data-analytics (PyPI)
Source: kam193 (ae4cfba5955464b4ebdf67da4386ccc25b7431d6dfc11e70146b23c0a8185860). The package looks like a beginning for further work. In fact, the uploader has shortly published a few similar packages appearing to be e.g. an integration f...
GHSA-RRQQ-FV6M-692M vanna vulnerable to remote code execution caused by prompt injection
In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...
CVE-2024-5826
CVE-2024-5826 – vanna-ai/vanna has a remote code execution vulnerability in the vanna.ask function due to prompt injection. The root cause is the absence of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in src/vanna/base/bas...