Lucene search
K

2229 matches found

Nuclei
Nuclei
added 15 hours ago69 views

Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

9.8CVSS6.6AI score0.05289EPSS
Exploits0References2
OSV
OSV
added yesterday9 views

ROOT-APP-PYPI-CVE-2025-69224 CVE-2025-69224 in rootio-aiohttp - Patched by Root

Root has patched CVE-2025-69224 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.2AI score0.00213EPSS
Exploits0
CVE
CVE
added 2 days ago8 views

CVE-2026-62239

FlashAttention (up to 2.8.3.post1) contains a symlink attack in hopper/setup.py: download_and_copy() extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can plant a predictable symlink in the cache to redirect extracted binaries to a chosen lo...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15332

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42809

A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an unknown function of the file channel/channel.py of the component Message Endpoint. The manipulation results in missing authorization. The attack may be launched remotely. The exploit has been released...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-57043

Name of the Vulnerable Software and Affected Versions rattler cache affected versions not specified py-rattler affected versions not specified Description These components are susceptible to package-cache path traversal when processing package metadata from conda channels. During cache...

5.4CVSS6.1AI score0.00033EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/08 2:0 p.m.34 views

CVE-2026-15035 bentoml OpenLLM Model Repository Directory Name common.py async_run_command command injection

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function asyncruncommand of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement...

5.3CVSS0.01338EPSS
Exploits1References7
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-412 Mesop Affected by Unauthenticated Remote Code Execution via Test Suite Route /exec-py

Summary An explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yielding standard Unrestricted Remote Code Execution. Any individual capable of routing HTTP logic to this server block wil...

9.8CVSS6.1AI score0.05289EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 7:31 p.m.7 views

EUVD-2026-39879

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:31 p.m.6 views

CVE-2026-29509

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References4
CVE
CVE
added 2026/06/26 7:31 p.m.27 views

CVE-2026-29509

Patool before 4.0.5 is vulnerable to a path traversal in the safe_extract() function (patoolib/programs/py_tarfile.py). The is_within_directory() helper uses character-level comparison via os.path.commonprefix(), not path-level checks, allowing a crafted archive member path to bypass containment ...

5.4CVSS5.9AI score0.00285EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/20 6:47 p.m.11 views

Malicious code in request-cache-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eafb96e46544cb1351d26caf52bff79055bc205a1f8454737b677fff8fbc6fea request-cache-py impersonates the legitimate requests-cache HTTP caching library. On import requestcachepy, the package's init.py starts a background...

6.1AI score
Exploits0References12
CVE
CVE
added 2026/06/17 9:37 p.m.27 views

CVE-2026-54386

CVE-2026-54386 affects marimo prior to 0.23.9. A reflected XSS in the notebook page arises from improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string. An unauthenticated attacker can craft a link with a payload (notably starting with new ) that ...

6.1CVSS5.1AI score0.00239EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/11 9:0 p.m.12 views

Malicious Package

Overview spl-token-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:0 p.m.11 views

Malicious Package

Overview solana-cli-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:0 p.m.9 views

Malicious Package

Overview solana-web3-py is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:22 p.m.14 views

Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/08 10:22 p.m.13 views

MAL-2026-5338 Malicious code in solana-web3-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector af1a2f1a7c7e3bddb9c8d2fcb8a4c86a6755763c94b95b1eddb81f382318c432 Malicious typosquat impersonating the legitimate Solana Python SDK solana / solana-py and the JS @solana/web3.js. The package ships no SDK...

5.6AI score
Exploits0References3
OSV
OSV
added 2026/06/08 10:21 p.m.14 views

MAL-2026-5336 Malicious code in solana-cli-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 80ee640ddeeacc31a125ec0fcc11dcb5f9a23e18f5ed003ce2dfcb1de8bbe1dd On import solanaclipy, the package's top-level init.py unconditionally invokes report, which harvests standard developer-side secret material and POS...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 10:19 p.m.13 views

Malicious code in spl-token-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e05ba3043dc87365ee0b1dc44cc58243b34b6cdccdf258c5bb9218a06a65d336 On import spltokenpy, the package's init.py collects sensitive files from the installer's machine — /.config/solana/id.json Solana wallet key,...

5.8AI score
Exploits0References3
Rows per page
Query Builder