Lucene search
K

354 matches found

Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-61437 PraisonAI before 1.6.78 Remote Code Execution via tools.py

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolvepydanticclass src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string outputpydantic reference, the framework locates and imports...

8.5CVSS0.00129EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42900

PraisonAI pip package praisonaiagents before 1.6.78 contains an unsafe dynamic module loading vulnerability in AgentFlow.resolvepydanticclass src/praisonai-agents/praisonaiagents/workflows/workflows.py. When a workflow step uses a string outputpydantic reference, the framework locates and imports...

8.5CVSS6.3AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57194

Name of the Vulnerable Software and Affected Versions praisonaiagents versions prior to 1.6.78 Description An unsafe dynamic module loading issue exists in the AgentFlow. resolve pydantic class function. When a workflow step utilizes a string output pydantic reference, the framework imports a...

8.5CVSS6.4AI score0.00129EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/07 11:46 a.m.4 views

CVE-2011-10043

Module::Load versions before 0.22 for Perl allow arbitrary modules outside of @INC to be loaded. Module names starting with "::" could be passed to the load function to specify arbitrary module paths. Attackers able to influence module names passed to load could use that bug to execute arbitrary...

9.8CVSS6.1AI score0.00429EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 1:9 a.m.6 views

CVE-2026-58302

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS5.9AI score0.00152EPSS
Exploits0
CVE
CVE
added 2026/06/30 1:9 a.m.19 views

CVE-2026-58302

CVE-2026-58302 affects the LinuxCNC project, specifically the rtapi_app in linuxcnc-uspace prior to version 2.9.9. The binary is installed with SUID root and loads shared library modules via dlopen() using a user-supplied module name. The validation of the module name is insufficient, allowing pa...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 1:9 a.m.7 views

EUVD-2026-40241

rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

8.4CVSS5.9AI score0.00152EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-58302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rtapiapp in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using...

8.4CVSS6.2AI score0.00152EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/22 11:15 a.m.5 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

8.4CVSS6.6AI score0.00529EPSS
Exploits1References12
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Module: Fix eshstrndx.shsize=0 OOB access It is trivial to create a module that triggers OOB access with the following code: if info-secstringsstrhdr-shsize – 1 != '\0' Bug: Unable to handle page faults for the address:...

7.1CVSS6.1AI score0.00282EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/16 6:39 a.m.8 views

CVE-2026-47137

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the require option can be...

10CVSS5.8AI score0.00382EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in zsh

In Zsh before version 5.8, attackers who were able to execute commands could regain privileges lost due to the --no-PRIVILEGED option. Zsh failed to overwrite the saved user ID, so the original privileges could be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls...

7.8CVSS8.2AI score0.00495EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a UAF Use-After-Free issue caused by a race between btftrygetmodule and loadmodule. While working on code to populate the BTF IDs for modules during their initialization, I noticed that by the time the initialization...

7.8CVSS6.3AI score0.00258EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: powerpc64/ftrace: fixed the issue of module loading without patchable function entries. getstubssize assumes that there must always be at least one patchable function entry, which is not always the case modules that export dat...

5.5CVSS6.6AI score0.0014EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: This issue is fixed if the listversions function races with the module loading process. listversions will first estimate the required space using the dmtargetiteratelistversiongetneeded, &needed call, and then fill that...

4.7CVSS6.5AI score0.00137EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/14 8:1 a.m.9 views

jq: stack overflow in module loading on mutual `include`

...

6.8CVSS5.8AI score0.00161EPSS
Exploits1
NVD
NVD
added 2026/05/13 6:16 p.m.13 views

CVE-2026-43998

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not...

8.5CVSS0.00722EPSS
Exploits1References4
OSV
OSV
added 2026/05/11 6:16 p.m.5 views

UBUNTU-CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/11 5:23 p.m.10 views

CVE-2026-44777 jq: stack overflow in module loading on mutual `include`

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.2rc1 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the standard module loader does not perform cyclic checks when modules are included within each other,...

6.8CVSS5.8AI score0.00161EPSS
Exploits1References1
Rows per page
Query Builder