Lucene search
K

292 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 12:28 a.m.9 views

CVE-2013-1662

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsbrelease binary in a directory in the PATH, related to use of the popen library function...

6.9CVSS6.9AI score0.04638EPSS
Exploits4References1
Veracode
Veracode
added 2025/05/07 7:26 a.m.8 views

OS Command Injection

aworld is vulnerable to OS Command Injection. The vulnerability is due to improper input sanitization due to unsafe use of subprocess.run and subprocess.Popen in AWorld/aworld/virtualenvironments/terminals/shelltool.py, which allows remote attackers to execute arbitrary operating system commands ...

8.1CVSS7.8AI score0.03164EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/28 9:30 p.m.9 views

AWorld OS Command Injection vulnerability

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...

8.1CVSS7.1AI score0.03164EPSS
Exploits1References8Affected Software1
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.3 views

AWorld 命令注入漏洞

AWorld is an easy to build, evaluate, and run generic multi-agent assistance program open-sourced by inclusionAI. AWorld suffers from a command injection vulnerability that stems from incorrect manipulation of the function subprocess.run/subprocess.Popen resulting in os command injection...

8.1CVSS5.5AI score0.03164EPSS
Exploits1References6
OSV
OSV
added 2025/03/24 9:15 a.m.6 views

CVE-2025-2701

A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/portsetup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command...

9.8CVSS5.5AI score0.06634EPSS
Exploits1References4
NVD
NVD
added 2025/03/20 10:15 a.m.17 views

CVE-2024-9920

In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/openfile' API...

8.8CVSS0.01247EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.81 views

CVE-2024-9920

CVE-2024-9920 affects parisneo/lollms-webui (v12). The vulnerability occurs in the “Send file to AL” feature, which accepts file uploads with extensions such as .py/.sh/.bat and then can execute them via the /open_file endpoint. Root cause: files are opened with subprocess.Popen without proper va...

8.8CVSS7.1AI score0.01247EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/11/21 5:15 p.m.63 views

CVE-2024-52803

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

9.8CVSS0.02273EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/11/21 4:53 p.m.66 views

CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

7.5CVSS0.02273EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/21 4:53 p.m.9 views

CVE-2024-52803 LLama Factory Remote OS Command Injection Vulnerability

LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on...

7.5CVSS8.1AI score0.02273EPSS
Exploits1References3
CVE
CVE
added 2024/11/21 4:53 p.m.72 views

CVE-2024-52803

CVE-2024-52803 affects LLama Factory, where the training process is vulnerable to a remote OS command injection due to insecure use of Popen with shell=True and unsanitized user input. The issue allows an attacker to execute arbitrary OS commands on the host, with impact described as high for con...

9.8CVSS7.9AI score0.02273EPSS
Exploits1References3Affected Software1
Metasploit
Metasploit
added 2024/11/01 6:54 p.m.326 views

Python Execute Command

Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run module MetasploitModule CachedSize =...

5.9AI score
Exploits0
OSV
OSV
added 2024/06/24 12:15 a.m.9 views

CVE-2024-3121

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...

3.3CVSS8.1AI score0.00446EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2024/06/11 8:22 p.m.20 views

document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Impact What kind of vulnerability is it? Who is impacted? A remote code execution RCE via server-side template injection SSTI allows for user supplied code to be executed in the server's context where it is executed as the document-merge-server user with the UID 901 thus giving an attacker...

7.2CVSS8.9AI score0.01031EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/05/16 9:15 a.m.41 views

CVE-2024-3126

A command injection vulnerability exists in the 'runxttsapiserver' function of the parisneo/lollms-webui application, specifically within the 'lollmsxtts.py' script. The vulnerability arises due to the improper neutralization of special elements used in an OS command. The affected function utiliz...

8.4CVSS8.8AI score0.01321EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/03/20 3:50 a.m.4 views

SUSE CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...

8.4CVSS8.2AI score0.01124EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2024/03/18 6:48 p.m.17 views

CVE-2023-41334

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...

8.4CVSS8.5AI score0.01124EPSS
Exploits1
PyPA
PyPA
added 2024/01/22 1:15 a.m.8 views

PYSEC-2024-9

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

8.8CVSS8AI score0.0096EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/22 12:0 a.m.4 views

CVE-2024-23750

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.runscript passes shell metacharacters to subprocess.Popen...

9AI score0.0096EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/01/21 12:0 a.m.8 views

PT-2024-20056 · Metagpt · Metagpt

Name of the Vulnerable Software and Affected Versions: MetaGPT versions 0.6.4 and earlier Description: The issue allows the QaEngineer role to execute arbitrary code because RunCode.run script passes shell metacharacters to subprocess.Popen. This enables potential exploitation, but specific detai...

8.8CVSS8.9AI score0.0096EPSS
Exploits1References10
Rows per page
Query Builder